CVE-2023-34960 Scanner
Detects the 'OS Command Injection' vulnerability in Chamilo, which affects v1.11.* up to v1.11.18.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Chamilo is an open-source e-learning platform used by educational institutions, businesses, and governments around the world. Its main purpose is to provide an online learning environment where teachers and students can interact, share course materials and assignments, take quizzes, and track their progress. With its user-friendly interface and customizable features, Chamilo has become a popular choice for educators who want to deliver high-quality education to their students.
CVE-2023-34960 is a command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18. An attacker can exploit it by sending a SOAP API call with a crafted PowerPoint name. The application does not correctly sanitize this input, so the attacker can inject arbitrary commands, which could lead to remote code execution.
If this vulnerability is exploited, attackers can run arbitrary commands on the system and gain unauthorized access to sensitive data, modify or delete critical files, and take control of the entire system. This can lead to data breaches, financial loss, reputational damage, and legal liability.
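An added example, not code from Chamilo or from the scanner described on this page: a defender-side check that parses a SOAP request body and flags any PowerPoint name that is not a plain file name, which is the input the description above says is not sanitized. The element name `pptName`, the allowlist pattern and the sample envelopes are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the presentation name travels in an element named "pptName".
# This name is hypothetical; use the field names from your own SOAP schema.
NAME_FIELDS = {"pptName"}

# Allowlist: a plain base name with a presentation extension, nothing else.
# No path separators, quotes, or shell metacharacters can match.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,127}\.(?:pptx?|odp)")
REJECTED = "<rejected: DTD or malformed XML>"


def local(tag):
    """Strip the XML namespace from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def suspicious_names(soap_body):
    """Return the presentation names in a SOAP body that fail the allowlist."""
    # SOAP forbids DTDs; refusing one also avoids entity-expansion abuse.
    if "<!DOCTYPE" in soap_body.upper():
        return [REJECTED]
    try:
        root = ET.fromstring(soap_body)
    except ET.ParseError:
        return [REJECTED]
    bad = []
    for el in root.iter():
        if local(el.tag) in NAME_FIELDS:
            name = (el.text or "").strip()
            if not SAFE_NAME.fullmatch(name):
                bad.append(name)
    return bad


# Constructed sample requests (not captured traffic).
ENVELOPE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><convert><pptName>{}</pptName></convert></soap:Body>"
    "</soap:Envelope>"
)
BENIGN = ENVELOPE.format("week3-lecture.pptx")
CRAFTED = ENVELOPE.format("deck.pptx; echo constructed")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, suspicious_names(body))
```

The same allowlist can run in a reverse proxy or log pipeline in front of the application; it complements upgrading past the affected versions and does not replace it.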
Thanks to the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. This platform offers a comprehensive vulnerability scanning, penetration testing, and compliance assessment service, which helps organizations identify and mitigate security risks efficiently. With s4e.io, users can protect their networks, applications, and data from cyber threats and security breaches.