Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-23995
An information disclosure vulnerability in ILIAS prior to 5.3.19, 5.4.12 and 6.0 allows remote authenticated malicious users to get the upload data path via a workspace upload.
Ilias Ilias
6.5
CVSSv2
CVE-2020-23996
A local file inclusion vulnerability in ILIAS prior to 5.3.19, 5.4.10 and 6.0 allows remote authenticated malicious users to execute arbitrary code via the import of personal data.
Ilias Ilias
4.3
CVSSv2
CVE-2018-10428
ILIAS prior to 5.1.26, 5.2.x prior to 5.2.15, and 5.3.x prior to 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
Ilias Ilias
3.5
CVSSv2
CVE-2017-15538
Stored XSS vulnerability in the Media Objects component of ILIAS prior to 5.1.21 and 5.2.x prior to 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.ph...
Ilias Ilias
4.3
CVSSv2
CVE-2018-5688
ILIAS prior to 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
Ilias Ilias
1 EDB exploit
NA
CVE-2023-45867
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrie...
Ilias Ilias 7.25
NA
CVE-2023-45868
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified director...
Ilias Ilias 7.25
NA
CVE-2023-45869
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Ser...
Ilias Ilias 7.25
3.5
CVSSv2
CVE-2020-25267
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
Ilias Ilias 6.4.0
6.5
CVSSv2
CVE-2014-2088
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain cli...
Ilias Ilias 4.4.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »