CVE-2023-34960

Published Aug 1, 2023

Last updated 3 years ago

CVSS critical 9.8
lms

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-34960 is a command injection vulnerability found in the wsConvertPpt component of Chamilo Learning Management System (LMS) versions 1.11.* up to 1.11.18. This vulnerability allows attackers to execute arbitrary commands on the server. The vulnerability is exploitable through a specially crafted PowerPoint file name used in a SOAP API call to the wsConvertPpt component.

Description
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
CWE-77

Social media

Hype score
Not currently trending

  1. ๐ŸŽฏCVE-2023-34960 - https://t.co/l1HivLPN81 โœ…Join Telegram- https://t.co/V3wk76XHL2 #infosec #cybersec #bugbountytips https://t.co/POX7LCRpM1 https://t.co/eh41ya6M13

    @wtf_brut

    7 Feb 2025

    4017 Impressions

    10 Retweets

    72 Likes

    56 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-50603 2 - CVE-2023-34960 3 - CVE-2024-49138 4 - CVE-2024-12084 5 - CVE-2025-21210 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    21 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2023-34960 Root cause: - https://t.co/hpOiJCvuvL #infosec #cybersec #bugbountytips https://t.co/vWGXWahW3B

    @0x0SojalSec

    19 Jan 2025

    6334 Impressions

    23 Retweets

    119 Likes

    72 Bookmarks

    0 Replies

    0 Quotes

  4. csirt_it: La Settimana Cibernetica del 29 dicembre 2024 ๐Ÿ”„ Aggiornamenti di sicurezza per prodotti: ๐Ÿ‘‡ ๐Ÿ”น Palo Alto Networks ๐Ÿ”น Adobe ๐Ÿ“ˆ #EPSS: rilevate variazioni nei prodotti: ๐Ÿ‘‡ ๐Ÿ”น Chamilo: CVE-2023-34960 ๐Ÿ”— https://t.co/YsYTGHXAAz https://t.co/RTZaxh4Euz

    @Vulcanux_

    30 Dec 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. La Settimana Cibernetica del 29 dicembre 2024 ๐Ÿ”„ Aggiornamenti di sicurezza per prodotti: ๐Ÿ‘‡ ๐Ÿ”น Palo Alto Networks ๐Ÿ”น Adobe ๐Ÿ“ˆ #EPSS: rilevate variazioni nei prodotti: ๐Ÿ‘‡ ๐Ÿ”น Chamilo: CVE-2023-34960 ๐Ÿ”— https://t.co/uAwIeveu9T https://t.co/ceTb63LGOK

    @csirt_it

    30 Dec 2024

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerabilityโ€ขCVE-2026-41940
  2. Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMSโ€™ courselet feature.โ€ขCVE-2026-3007
  3. The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient input sanitization combined with a design flaw in the custom Query builder class that allows unquoted SQL injection in ORDER BY clauses. When the Query builder detects parentheses in the sort_by parameter, it treats the value as a SQL function and directly concatenates it into the ORDER BY clause without any quoting. While esc_sql() is applied to escape quotes and backslashes, this cannot prevent ORDER BY injection when the values themselves are not wrapped in quotes in the resulting SQL statement. This makes it possible for authenticated attackers, with subscriber-level access and above, to append arbitrary SQL queries via the ORDER BY clause to extract sensitive information from the database including user credentials, session tokens, and other confidential data through time-based blind SQL injection techniques.โ€ขCVE-2026-4817
  4. Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacksโ€ขCVE-2026-5426
  5. Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/{id} endpoint allows any authenticated user with ROLE_STUDENT to escalate their privileges to ROLE_ADMIN by modifying the roles field on their own user record. The API Platform security expression is_granted('EDIT', object) only verifies record ownership, and the roles field is included in the writable serialization group, enabling any user to set arbitrary roles such as ROLE_ADMIN. Successful exploitation grants full administrative control of the platform, including access to all courses, user data, grades, and administrative settings. This issue has been fixed in version 2.0.0-RC.3.โ€ขCVE-2026-40291

References

Sources include official advisories and independent security research.