CRITICAL🇵🇱 Wersja polska

CVE-2023-3368

CVSS 9.8v3.1pub. 2023-11-28upd. 2024-11-21

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

🤖 AI Analysis
How it works

The vulnerability results from improper neutralization of special characters in parameters passed to the webservices endpoint. An attacker can construct a crafted HTTP request containing malicious special characters that are not properly filtered, leading to injection and execution of arbitrary system commands on the server side. The mechanism constitutes a bypass of the previous fix for CVE-2023-34960, indicating that the original mitigation was insufficient.

Impact

An unauthenticated attacker can obtain full remote code execution (RCE) on the server hosting Chamilo LMS, which in practice means the ability to take control of the system, steal data, install backdoors, or perform further lateral movement in the network.

Mitigation & patch

Chamilo LMS should be updated to a version containing fixes indicated in the vendor's commits (37be9ce7243a30259047dd4517c48ff8b21d657a and 4c69b294f927db62092e01b70ac9bd6e32d5b48b). It is recommended to monitor the vendor's security page at the address indicated in the references and immediately apply available patches.

Who is affected

Chamilo LMS in versions up to and including 1.11.20

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Chamilo

    APP
    Chamilo
    < 1.11.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassCommand Injection
CWE
References

Related vulnerabilities

CVE-2023-3545CRITICAL9.8PL ✓ten sam produkt

Chamilo LMS – ominięcie ochrony upload plików i RCE przez .htaccess

CVE-2023-3533CRITICAL9.8PL ✓ten sam produkt

Path Traversal i RCE w Chamilo LMS — nieuwierzytelniony zapis pliku

CVE-2023-34960CRITICAL9.8ten sam produkt

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attac...

CVE-2021-34187CRITICAL9.8ten sam produkt

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or ...

CVE-2022-42029HIGH8.8ten sam produkt

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated ...