Lucene search

[email protected]CVE-2022-45918

HistoryDec 07, 2022 - 1:15 a.m.

CVE-2022-45918

2022-12-0701:15:11

CWE-610

[email protected]

web.nvd.nist.gov

ilias

7.16

cve-2022-45918

file path

file name

external control

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON

ILIAS before 7.16 allows External Control of File Name or Path.

Affected configurations

NVD

Node

iliasiliasRange<7.16

CPENameOperatorVersion
ilias:iliasiliaslt7.16

CPE	Name	Operator	Version
ilias:ilias	ilias	lt	7.16

References

packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.html

seclists.org/fulldisclosure/2022/Dec/7

sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON

Related for CVE-2022-45918

prion1 cvelist1 osv1 nvd1 openvas1 zdt1 packetstorm1