Описание
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Связанные уязвимости
CVSS3: 9.8
nvd
около 2 лет назад
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
CVSS3: 9.8
fstec
около 2 лет назад
Уязвимость компонента wsConvertPpt системы электронного обучения и управления контентом Chamilo LMS, позволяющая нарушителю выполнить произвольные команды