Vulnerabilities > CVE-2014-2088 - Unspecified vulnerability in Ilias 4.4.1

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ilias
exploit available

Summary

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname. Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"

Vulnerable Configurations

Part Description Count
Application
Ilias
1

Exploit-Db

descriptionILIAS 4.4.1 - Multiple Vulnerabilities. CVE-2014-2088,CVE-2014-2089,CVE-2014-2090. Webapps exploit for php platform
idEDB-ID:31833
last seen2016-02-03
modified2014-02-22
published2014-02-22
reporterHauntIT
sourcehttps://www.exploit-db.com/download/31833/
titleILIAS 4.4.1 - Multiple Vulnerabilities