# N/A
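## Vulnerability Overview
A command injection vulnerability exists in the wsConvertPpt component of Chamilo v1.11.* through v1.11.18. An attacker can execute arbitrary commands through a SOAP API call with a crafted PowerPoint name.
## Affected Versions
- Chamilo v1.11.* through v1.11.18
## Vulnerability Details
An attacker can pass a crafted PowerPoint file name in a SOAP API call and thereby execute arbitrary commands on the server. The vulnerability is in Chamilo's wsConvertPpt component.
## Impact
This vulnerability allows an attacker to execute arbitrary commands on the system, which may lead to data destruction, disclosure of sensitive information, or other illegal operations.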
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | CVE-2023-34960 Chamilo PoC | https://github.com/Aituglo/CVE-2023-34960 | PoC details |
| 2 | Python 2.7 | https://github.com/Jenderal92/CHAMILO-CVE-2023-34960 | PoC details |
| 3 | None | https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP | PoC details |
| 4 | Perform with Massive Command Injection (Chamilo) | https://github.com/ThatNotEasy/CVE-2023-34960 | PoC details |
| 5 | None | https://github.com/Mantodkaz/CVE-2023-34960 | PoC details |
| 6 | Perform with Massive Command Injection (Chamilo) | https://github.com/tucommenceapousser/CVE-2023-34960-ex | PoC details |
| 7 | Chamilo CVE-2023-34960 Batch scan/exploit | https://github.com/YongYe-Security/CVE-2023-34960 | PoC details |
| 8 | Automatic vuln scanner and exploiter for l7 ddos attacks using Chamilio CVE-2023-34960 | https://github.com/dvtarsoul/ChExp | PoC details |
| 9 | chamilo soap api rce (/webservices/additional_webservices.php) | https://github.com/mr-won/cve-2023-34960 | PoC details |
| 10 | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-34960.yaml | PoC details |
| 11 | chamilo soap api rce (/webservices/additional_webservices.php) | https://github.com/user20252228/cve-2023-34960 | PoC details |