Vulnerabilities > Ilias > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-25 | CVE-2023-36485 | Unspecified vulnerability in Ilias. The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
2023-12-25 | CVE-2023-36486 | Unspecified vulnerability in Ilias. The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
2023-10-26 | CVE-2023-45868 | Path Traversal vulnerability in Ilias 7.25. The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. | 8.1 |
2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias. ILIAS before 7.16 allows OS Command Injection. | 8.8 |
2009-01-02 | CVE-2008-5816 | SQL Injection vulnerability in Ilias. SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter. | 7.5 |