Description

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

Remediation

References

CVE-2023-4221

Related Vulnerabilities

WordPress Plugin Super Simple Custom CSS Cross-Site Scripting (1.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-40600)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-8011)

WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.6.8)

silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12437)

Severity

High

Classification

CVE-2023-4221 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities