Description
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Multi-Step Forms Security Bypass (3.0.8)
Ruby Improper Authentication Vulnerability (CVE-2007-5162)
Moodle Improper Input Validation Vulnerability (CVE-2019-3847)
WordPress Plugin Ultimate Reviews PHP Object Injection (2.1.32)
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)