ILIAS Security Vulnerabilities

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious...

CVSS: 7.2 | AI Score: 7.4 | EPSS: 0.001

2023-12-25 08:15 AM

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition...

CVSS: 7.2 | AI Score: 7.3 | EPSS: 0.001

2023-12-25 08:15 AM

CVE-2023-45869

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class...

CVSS: 9 | AI Score: 7 | EPSS: 0.001

2023-10-26 03:15 PM

CVE-2023-45867

ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential...

CVSS: 6.5 | AI Score: 7 | EPSS: 0.0005

2023-10-26 03:15 PM

CVE-2023-45868

The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally...

CVSS: 8.1 | AI Score: 7.2 | EPSS: 0.0005

2023-10-26 03:15 PM

CVE-2023-36484

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2023-06-29 07:15 PM

CVE-2023-36488

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting...

CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.001

2023-06-29 05:15 PM

CVE-2023-36487

The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002

2023-06-29 05:15 PM

CVE-2022-45918

ILIAS before 7.16 allows External Control of File Name or...

CVSS: 6.5 | AI Score: 6.8 | EPSS: 0.002

2022-12-07 01:15 AM

CVE-2022-45916

ILIAS before 7.16 allows...

CVSS: 5.4 | AI Score: 6.2 | EPSS: 0.001

2022-12-07 01:15 AM

CVE-2022-45915

ILIAS before 7.16 allows OS Command...

CVSS: 8.8 | AI Score: 7.6 | EPSS: 0.004

2022-12-07 01:15 AM

CVE-2022-45917

ILIAS before 7.16 has an Open...

CVSS: 6.1 | AI Score: 6.6 | EPSS: 0.002

2022-12-07 01:15 AM

CVE-2022-31266

In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003

2022-06-29 01:15 AM