ILIAS 5.4.7

CPE Details

ILIAS 5.4.7
ilias
ilias
5.4.7
2021-05-19
18h39 +00:00
2021-05-19
19h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ilias:ilias:5.4.7:*:*:*:*:*:*:*

Informations

Vendor

ilias

Product

ilias

Version

5.4.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-36485 2023-12-24 23h00 +00:00 The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
7.2
High
CVE-2023-36486 2023-12-24 23h00 +00:00 The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
7.2
High
CVE-2022-45915 2022-12-06 23h00 +00:00 ILIAS before 7.16 allows OS Command Injection.
8.8
High
CVE-2022-45916 2022-12-06 23h00 +00:00 ILIAS before 7.16 allows XSS.
5.4
Medium
CVE-2022-45917 2022-12-06 23h00 +00:00 ILIAS before 7.16 has an Open Redirect.
6.1
Medium
CVE-2022-45918 2022-12-06 23h00 +00:00 ILIAS before 7.16 allows External Control of File Name or Path.
6.5
Medium
CVE-2022-31266 2022-06-28 22h46 +00:00 In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
4.3
Medium
CVE-2020-23996 2021-05-13 17h49 +00:00 A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
8.8
High
CVE-2020-23995 2021-05-13 17h49 +00:00 An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
6.5
Medium