Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-10306
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x up to and including 5.3.x prior to 5.3.4 allow XSS via an invalid date.
Ilias Ilias
6.1
CVSSv3
CVE-2018-10307
error.php in ILIAS 5.2.x up to and including 5.3.x prior to 5.3.4 allows XSS via the text of a PDO exception.
Ilias Ilias
6.5
CVSSv3
CVE-2020-23995
An information disclosure vulnerability in ILIAS prior to 5.3.19, 5.4.12 and 6.0 allows remote authenticated malicious users to get the upload data path via a workspace upload.
Ilias Ilias
8.8
CVSSv3
CVE-2020-23996
A local file inclusion vulnerability in ILIAS prior to 5.3.19, 5.4.10 and 6.0 allows remote authenticated malicious users to execute arbitrary code via the import of personal data.
Ilias Ilias
6.1
CVSSv3
CVE-2018-5688
ILIAS prior to 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
Ilias Ilias
1 EDB exploit
6.5
CVSSv3
CVE-2023-45867
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrie...
Ilias Ilias 7.25
8.1
CVSSv3
CVE-2023-45868
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified director...
Ilias Ilias 7.25
9
CVSSv3
CVE-2023-45869
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Ser...
Ilias Ilias 7.25
5.4
CVSSv3
CVE-2020-25267
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
Ilias Ilias 6.4.0
NA
CVE-2014-2088
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain cli...
Ilias Ilias 4.4.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »