CVE-2020-25268

HIGH

Ilias - Remote Code Execution

Title source: rule

Description

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.

References (1)

Scores

CVSS v3 8.8
EPSS 0.0271
EPSS Percentile 85.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-88
Status published

Affected Products (1)

ilias/ilias

Timeline

Published Nov 10, 2020
Tracked Since Feb 18, 2026