Ilias Security Vulnerabilities and Issues — Ilias CVE List

Lucene search

IliasIlias

3 matches found

CVE•added 2023/10/26 3:15 p.m.•71 views

CVE-2023-45869

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/cla...

9CVSS8.8AI score0.00146EPSS

CVE•added 2023/10/26 3:15 p.m.•46 views

CVE-2023-45868

The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outsi...

8.1CVSS7.9AI score0.0038EPSS

CVE•added 2023/10/26 3:15 p.m.•41 views

CVE-2023-45867

ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

6.5CVSS7AI score0.00254EPSS