Description

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

Remediation

References

CVE-2023-4222

Related Vulnerabilities

WordPress Plugin WP PRO Advertising System-All In One Ad Manager SQL Injection (4.6.18)

WordPress Plugin YITH WooCommerce Social Login Security Bypass (1.3.4)

XWiki Improper Neutralization of Alternate XSS Syntax Vulnerability (CVE-2023-35158)

Atlassian Jira CVE-2020-4029 Vulnerability (CVE-2020-4029)

Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11)

Severity

High

Classification

CVE-2023-4222 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities