Description
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/ILIAS-eLearning/ILIAS/commit/6717c4ecc6d076154ce185f1ea052f07f37e3537
Release Notes, Vendor Advisory x_refsource_confirm
https://docu.ilias.de/goto_docu_pg_122177_35.html
Release Notes, Vendor Advisory x_refsource_confirm
https://docu.ilias.de/goto_docu_pg_118823_35.html
Release Notes, Vendor Advisory x_refsource_confirm
https://docu.ilias.de/goto_docu_pg_118817_35.html
Scores
CVSS v3
8.8
EPSS
0.0334
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
ilias/ilias
< 5.3.19
Published
May 13, 2021
Tracked Since
Feb 18, 2026