ILIAS 5.1.24

CPE Details

ILIAS 5.1.24
ilias
ilias
5.1.24
2018-06-19
10h17 +00:00
2018-06-19
10h17 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ilias:ilias:5.1.24:*:*:*:*:*:*:*

Informations

Vendor

ilias

Product

ilias

Version

5.1.24

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-36485 2023-12-24 23h00 +00:00 The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
7.2
Haute
CVE-2023-36486 2023-12-24 23h00 +00:00 The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
7.2
Haute
CVE-2022-45915 2022-12-06 23h00 +00:00 ILIAS before 7.16 allows OS Command Injection.
8.8
Haute
CVE-2022-45916 2022-12-06 23h00 +00:00 ILIAS before 7.16 allows XSS.
5.4
Moyen
CVE-2022-45917 2022-12-06 23h00 +00:00 ILIAS before 7.16 has an Open Redirect.
6.1
Moyen
CVE-2022-45918 2022-12-06 23h00 +00:00 ILIAS before 7.16 allows External Control of File Name or Path.
6.5
Moyen
CVE-2022-31266 2022-06-28 22h46 +00:00 In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
4.3
Moyen
CVE-2020-23996 2021-05-13 17h49 +00:00 A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
8.8
Haute
CVE-2020-23995 2021-05-13 17h49 +00:00 An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
6.5
Moyen
CVE-2018-10428 2018-05-23 18h00 +00:00 ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
6.1
Moyen
CVE-2018-10306 2018-05-18 11h00 +00:00 Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
6.1
Moyen
CVE-2018-11117 2018-05-17 11h00 +00:00 Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
6.1
Moyen
CVE-2018-11118 2018-05-17 11h00 +00:00 The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
6.1
Moyen
CVE-2018-11119 2018-05-17 11h00 +00:00 ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
6.1
Moyen
CVE-2018-11120 2018-05-17 11h00 +00:00 Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
6.1
Moyen
CVE-2018-5688 2018-01-14 19h00 +00:00 ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
6.1
Moyen
CVE-2017-7583 2017-04-07 17h00 +00:00 ILIAS before 5.2.3 has XSS via SVG documents.
6.1
Moyen