(CVE-2023-4222) Chamilo LMS Learning Path PPT2LP OpenofficeTextDocument Command Injection
Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4222 CVE Description Command injection in main/lp/openoffice_text_document.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters....