Remote Code Execution Vulnerability in ILIAS by ILIAS e-Learning
CVE-2023-45869

9 CRITICAL

Key Information:

Vendor: Ilias

Status
Vendor
CVE Published: 26 October 2023

What is CVE-2023-45869?

ILIAS e-Learning platform version 7.25 is affected by a vulnerability that allows an authenticated user to execute arbitrary operating system commands remotely through a crafted XSS payload. The payload takes effect when it is accessed by a highly privileged account, at which point it abuses the exec() call in the execQuoted() method of the ilUtil class. Attackers can use this flaw to inject malicious commands into the system, which may compromise the ILIAS installation and puts the integrity, confidentiality, and availability of the underlying operating system at risk.


CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
