all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Chamilo 1.11.18 Command Injection

Add to bookmarks
Aug. 24, 2023, 2:27 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker to execute arbitrary commands at the OS level using a malicious SOAP request at the vulnerable endpoint /main/webservices/additional_webservices.php.

called command command injection courses exploits injection malicious metasploit powerpoint rapid request slides soap unauthenticated vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Debian Security Advisory 5676-1 23 hours ago | packetstormsecurity.com
advisory arbitrary code chromium code +13
Ubuntu Security Notice USN-6747-2 23 hours ago | packetstormsecurity.com
attacker denial of service domains exploit +16
htmlLawed 1.2.5 Remote Command Execution 23 hours ago | packetstormsecurity.com
command concept exploit proof +1
Red Hat Security Advisory 2024-2651-03 23 hours ago | packetstormsecurity.com
advisory denial of service enterprise linux +7
Red Hat Security Advisory 2024-2645-03 23 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
1,400 GitLab Servers Impacted By Exploited Vulnerability 23 hours ago | packetstormsecurity.com
data loss exploited flaw gitlab +3
Hackers Compromised Dropbox eSignature Service 23 hours ago | packetstormsecurity.com
compromised dropbox flaw hacker +2
Hacker Free-For-All Fights For Control Of Home And Office Routers Everywhere 23 hours ago | packetstormsecurity.com
botnet control email free +6
REvil Ransomware Scum Gets 14 Years, $16 Million Fine 23 hours ago | packetstormsecurity.com
cryptography cybercrime fraud hacker +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs