Vulnerabilities > Ilias > Ilias > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-36485 | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
| 2023-12-25 | CVE-2023-36486 | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
| 2023-06-29 | CVE-2023-36487 | Unspecified vulnerability in Ilias The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | 9.8 |
| 2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias ILIAS before 7.16 allows OS Command Injection. | 8.8 |
| 2022-12-07 | CVE-2022-45916 | Cross-site Scripting vulnerability in Ilias ILIAS before 7.16 allows XSS. | 5.4 |
| 2022-12-07 | CVE-2022-45917 | Open Redirect vulnerability in Ilias ILIAS before 7.16 has an Open Redirect. | 6.1 |
| 2022-12-07 | CVE-2022-45918 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
| 2022-06-29 | CVE-2022-31266 | Missing Authentication for Critical Function vulnerability in Ilias In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 4.3 |