Exploit for #VU81099 OS Command Injection in Chamilo LMS

Exploit for #VU81099 OS Command Injection in Chamilo LMS

Published: 2023-09-25 | Updated: 2024-05-13

Vulnerability identifier: #VU81099

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2023-34960

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 3

May 13, 2024
- CVE-2023-34960 (Perform with Massive Command Injection (Chamilo)) [Github]
September 25, 2023
- Chamilo unauthenticated command injection in PowerPoint upload [Metasploit]
- Chamilo 1.11.18 Command Injection [Packet Storm]

Impact: Code execution

Vulnerable software:
Chamilo LMS
Client/Desktop applications / Other client software

Vendor: Chamilo