CVE-2024-33529

HIGH

ILIAS 7-7.29 8-8.10 9.0 - Authenticated OS Command Injection via File Upload

Title source: llm
STIX 2.1

Description

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.

References (2)

Core 2

Scores

CVSS v3 7.2
EPSS 0.0090
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
ilias/ilias 9.0
ilias/ilias 7.0 - 7.30
Published May 21, 2024
Tracked Since Feb 18, 2026