The workflow-engine of ILIAS prior to 7.23 and 8 prior to 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ilias ilias |