
437 matches found

NVD
added 3 days ago, 10 views

CVE-2026-12789

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument trouptablenav leads t...

CVSS 5.8 | EPSS 0.00206
Exploits: 0 | References: 4

EUVD
added 3 days ago, 8 views

EUVD-2026-38153

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument trouptablenav leads t...

CVSS 5.8 | AI score 5.7 | EPSS 0.00206
Exploits: 0 | References: 4

Cvelist
added 3 days ago, 33 views

CVE-2026-12789 ILIAS Learning Management System Learning Progress Tracking class.ilTrQuery.php executeQueries sql injection

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument trouptablenav leads t...

CVSS 5.8 | EPSS 0.00206
Exploits: 0 | References: 4

CVE
added 3 days ago, 16 views

CVE-2026-12789

The CVE concerns ILIAS Learning Management System 11.0. The vulnerability affects the function ilTrQuery::executeQueries (file: components/ILIAS/Tracking/classes/class.ilTrQuery.php) in the Learning Progress Tracking component. The issue arises from manipulation of the troup_table_nav argument, l...

CVSS 5.8 | AI score 5.7 | EPSS 0.00206
Exploits: 0 | References: 4

Nuclei
added 3 days ago, 23 views

ILIAS eLearning <7.16 - Open Redirect

ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-45917 info: name: ILIAS eLearning 7.16 - Open Redirect author:...

CVSS 6.1 | AI score 6.3 | EPSS 0.0199
Exploits: 3 | References: 5

NVD
added 2026/01/28 6:16 p.m., 8 views

CVE-2020-36944

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 6.9 | EPSS 0.00186
Exploits: 1 | References: 4

OSV
added 2026/01/28 6:16 p.m., 3 views

CVE-2020-36944

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 3.3 | AI score 5.5
Exploits: 0 | References: 4

CVE
added 2026/01/28 5:35 p.m., 11 views

CVE-2020-36944

ILIAS Learning Management System 4.3 is affected by a server-side request forgery (SSRF) vulnerability that lets an attacker read local files via the portfolio PDF export feature. The published description states an attacker can inject a script that uses XMLHttpRequest to retrieve local file cont...

CVSS 6.9 | AI score 5.9 | EPSS 0.00186
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/28 5:35 p.m., 29 views

CVE-2020-36944 ILIAS Learning Management System 4.3 - SSRF

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 6.9 | EPSS 0.00186
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/28 5:35 p.m., 3 views

CVE-2020-36944

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 6.9 | AI score 5.9 | EPSS 0.00186
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/01/28 12:0 a.m., 4 views

PT-2026-5151

Name of the Vulnerable Software and Affected Versions: ILIAS Learning Management System version 4.3. Description: The ILIAS Learning Management System contains a server-side request forgery issue. This allows attackers to read local files through the portfolio PDF export functionality. Attackers can...

CVSS 6.9 | AI score 5.4 | EPSS 0.00186
Exploits: 1 | References: 7

RedhatCVE
added 2026/01/09 12:34 p.m., 7 views

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVSS 8.1 | AI score 6.7 | EPSS 0.01106
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:19 p.m., 9 views

CVE-2018-10665

ILIAS 5.3.4 has XSS through unsanitized output of PHPSELF, related to shiblogout.php and third-party demo files...

CVSS 6.1 | AI score 6.1 | EPSS 0.01168
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:48 a.m., 5 views

CVE-2022-31478

The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function...

CVSS 4.3 | AI score 6.9 | EPSS 0.00616
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/08 6:18 p.m., 13 views

CVE-2025-11344

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2...

CVSS 9.8 | AI score 6.9 | EPSS 0.00459
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/08 6:18 p.m., 25 views

CVE-2025-11346

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

CVSS 9.8 | AI score 6.9 | EPSS 0.00402
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/07 7:22 p.m., 3 views

CVE-2025-11345

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgradin...

CVSS 9.8 | AI score 6.7 | EPSS 0.00328
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-17457

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.03342
Exploits: 4 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-1979

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01662
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-2500

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.01951
Exploits: 3 | References: 8