What is CVE-2023-34960?

CVE-2023-34960 is a vulnerability in N/a. Published 2023-08-01.

Is CVE-2023-34960 known to be exploited?

30 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.

EPSS: 0.940 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Aituglo/CVE-2023-34960
ThatNotEasy/CVE-2023-34960
Ap0dexMe0/CVE-2023-34960
Mantodkaz/CVE-2023-34960
Jenderal92/CHAMILO-CVE-2023-34960
tpdlshdmlrkfmcla/cve-2023-34960
YongYe-Security/CVE-2023-34960
rapid7/metasploit-framework
YongYe-Security/Chamilo_
dvtarsoul/ChExp

References

chamilo.com
support.chamilo.org/projects/1/wiki/Security_issues
packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.html

Frequently asked questions

What is CVE-2023-34960?: CVE-2023-34960 is a vulnerability in N/a. Published 2023-08-01.
Is CVE-2023-34960 known to be exploited?: 30 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.