Ilias 5.4.11 Security Vulnerabilities

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
CVSS Score: 7.2 | EPSS Score: 0.007 | Published: 2023-12-25

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
CVSS Score: 7.2 | EPSS Score: 0.007 | Published: 2023-12-25

ILIAS before 7.16 allows OS Command Injection.
CVSS Score: 8.8 | EPSS Score: 0.097 | Published: 2022-12-07

ILIAS before 7.16 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.012 | Published: 2022-12-07

ILIAS before 7.16 has an Open Redirect.
CVSS Score: 6.1 | EPSS Score: 0.296 | Published: 2022-12-07

ILIAS before 7.16 allows External Control of File Name or Path.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2022-12-07

In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2022-06-29

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2021-05-13

