Mantodkaz

1 exploit Active since Aug 2023
CVE-2023-34960 NOMISEC CRITICAL WORKING POC
Chamilo unauthenticated command injection in PowerPoint upload
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
4 stars
CVSS 9.8