CVE-2023-34960
Description
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Severity: CRITICAL
CVE ID: CVE-2023-34960
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-34960
Reference: Project Discovery GitHub
Aituglo
CVE-2023-34960 Chamilo PoC
Reference: GitHub
Jenderal92
Python 2.7
Reference: GitHub
YongYe-Security
Chamilo CVE-2023-34960 Batch scan/exploit
Reference: GitHub
ThatNotEasy
Perform with Massive Command Injection (Chamilo)
Reference: GitHub
Mantodkaz
Reference: GitHub
tucommenceapousser
Perform with Massive Command Injection (Chamilo)
Reference: GitHub
Content on GitHub
getdrive | watchers:59
PoC
PoC. Severity critical.
Reference: GitHub
peiqiF4ck | watchers:157
WebFrameworkTools-5.1-main
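This software primarily integrates RCE (requiring no login, or achieved through login bypass) and deserialization (with simple gadget chains) for high-impact frameworks and some mainstream CMSs. Importing URLs is all it takes to perform batch getshell. Batch automated testing. For example: Thinkphp, Struts2, weblogic. Newly disclosed vulnerabilities are tracked in real time and added, for example: log4jRCE, Sunlogin, Zentao RCE, SQL injection leading to RCE in the Ruiyou Tianyi application virtualization system, Dahua Smart Park upload, Kingdee Cloud Xingkong vulnerabilities, and so on.
Reference: GitHub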