ILIAS 4.4.1 allows remote malicious users to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
# ==============================================================
# Title | Multiple vulnerabilities in ILIAS
# Version | ilias-441zip
# Date | 21022014
# Found | HauntIT Blog
# Home | wwwiliasde
# ==============================================================
First from admin user logged in:
# =============================== ...