4 matches found
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
CVE-2023-45869
CVE-2023-45869 affects ILIAS 7.25 (2023-09-12). The issue resides in the ilUtil::execQuoted() function (via the exec() call) which lacks input sanitization, allowing any authenticated user to remotely execute arbitrary operating system commands when a highly privileged account loads an XSS payloa...
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...