4 matches found
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
PT-2023-6719 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS version 7.25 Description: The issue is related to the exec function in the execQuoted method of the ilUtil class, which lacks input sanitization. This allows attackers to inject malicious commands into the system, potentially compromisi...