External Control Vulnerabilities in ILIAS eLearning Platform
CVE-2022-45918

6.5MEDIUM

Key Information:

Vendor

Ilias

Status
Ilias
Vendor
CVE Published:
7 December 2022

What is CVE-2022-45918?

The ILIAS eLearning platform, prior to version 7.16, presents a vulnerability that permits external entities to control file names or paths. This flaw can lead to various security issues, including unauthorized access to files, potential data breaches, and disruption of service. Users of affected versions should prioritize upgrading to secure their systems against possible exploitation by malicious actors.

References

https://sec-consult.com/vulnerability-lab/advisory/multip...
http://seclists.org/fulldisclosure/2022/Dec/7
mailing-list
http://packetstormsecurity.com/files/170181/ILIAS-eLearni...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.