Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:ilias:ilias:5.2.24:*:*:*:*:*:*:*
Informations
Vendor
iliasProduct
iliasVersion
5.2.24Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
High |
||
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
High |
||
| ILIAS before 7.16 allows OS Command Injection. | 8.8 |
High |
||
| ILIAS before 7.16 allows XSS. | 5.4 |
Medium |
||
| ILIAS before 7.16 has an Open Redirect. | 6.1 |
Medium |
||
| ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
Medium |
||
| In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 4.3 |
Medium |
||
| A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | 8.8 |
High |
||
| An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | 6.5 |
Medium |
||
| Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | 6.1 |
Medium |
||
| error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | 6.1 |
Medium |
2025©
tesweb SA
