exploitDog

GHSA-x9xc-jg9p-2j7f

Опубликовано: 28 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Command injection in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

Command injection in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

Ссылки

EPSS

Процентиль: 99%

0.84764

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2023-3368

CVSS3: 9.8

nvd

около 2 лет назад

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

EPSS

Процентиль: 99%

0.84764

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78