Description
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
Remediation
References
Related Vulnerabilities
WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)
Oracle JRE CVE-2012-0500 Vulnerability (CVE-2012-0500)
WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)
WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)