CVE-2023-3368

Published: 2023-11-28T07:15Z

Last Modified: 2024-11-21T08:17Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt