CVE-2023-34960

Basic Information

CVE State
PUBLISHED
Reserved Date
June 07, 2023
Published Date
August 01, 2023
Last Updated
October 23, 2024
Vendor
n/a
Product
n/a
Description
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score
93.99% (Percentile: 99.87%) as of 2025-05-24

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2025-05-24 00:00:00 UTC)

Known Exploited Vulnerability Information

Source
The Shadowserver (via CIRCL)
Added Date
2025-05-25 12:00:17 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

chamilo_unauth_rce_cve_2023_34960

Type: metasploit • Created: Unknown

Metasploit module for CVE-2023-34960

tucommenceapousser/CVE-2023-34960-ex

Type: github • Created: 2023-08-01 08:09:51 UTC • Stars: 0

Perform with Massive Command Injection (Chamilo)

Mantodkaz/CVE-2023-34960

Type: github • Created: 2023-07-24 20:51:15 UTC • Stars: 4

ThatNotEasy/CVE-2023-34960

Type: github • Created: 2023-07-22 05:27:45 UTC • Stars: 21

Perform with Massive Command Injection (Chamilo)

YongYe-Security/CVE-2023-34960

Type: github • Created: 2023-07-09 11:24:33 UTC • Stars: 0

Chamilo CVE-2023-34960 Batch scan/exploit

Jenderal92/CHAMILO-CVE-2023-34960

Type: github • Created: 2023-07-03 11:17:42 UTC • Stars: 2

Wordpress CVE-2023-34960

Aituglo/CVE-2023-34960

Type: github • Created: 2023-06-09 10:32:22 UTC • Stars: 35

CVE-2023-34960 Chamilo PoC