The vulnerability of the Learning Module component of the ILIAS learning management and support system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Learning Module component of the ILIAS learning management and support system exists due to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity...

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

Directory traversal

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

PT-2023-6722 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS version 7.25 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access in the Learning Module component of the ILIAS learning management system. Exploitation of this issue may allow a...

SQL Injection Vulnerability in Learning Module ti*** Parameters of 120 Emergency Command Center Web Service System

120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. SQL injection vulnerability exists in the learning module ti parameter of the 120 Emergency Command Center Web...

SQL Injection Vulnerability in the New Learning Module ti*** Parameters of 120 Emergency Command Center Web Service System

120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. The 120 Emergency Command Center Web Service System has a new learning module ti parameter has a SQL injection...