Description

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

Remediation

References

CVE-2023-34959

Related Vulnerabilities

Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-25983)

WordPress Plugin WordPress Backup to Ziddu Cross-Site Scripting (1)

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-37899)

WordPress Plugin ThirstyAffiliates Affiliate Link Manager Cross-Site Scripting (3.9.2)

Severity

Medium

Classification

CVE-2023-34959 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities