CVE-2021-39181
OpenOlat (web-based LMS) is affected prior to versions 15.3.18, 15.5.3, and 16.0.0. The vulnerability lets an attacker with an authoring-role OpenOlat account instantiate any Java class on the classpath via a prepared import XML file (e.g., a course), enabling arbitrary code execution. The underl...