CVE advisoryCRITICAL
CVE-2023-34960
Chamilo wsConvertPpt Command Injection Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A command injection vulnerability in the wsConvertPpt component of Chamilo allows unauthenticated attackers to execute arbitrary commands on the server. This occurs through a SOAP API call with a crafted PowerPoint name, potentially leading to server compromise.