Vulnerabilities > Ilias > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-25 | CVE-2023-36485 | Unspecified vulnerability in Ilias. The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
2023-12-25 | CVE-2023-36486 | Unspecified vulnerability in Ilias. The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
2023-10-26 | CVE-2023-45868 | Path Traversal vulnerability in Ilias 7.25. The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. | 8.1 |
2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias. ILIAS before 7.16 allows OS Command Injection. | 8.8 |
2021-05-13 | CVE-2020-23996 | Unspecified vulnerability in Ilias. A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | 8.8 |
2020-11-10 | CVE-2020-25268 | Argument Injection or Modification vulnerability in Ilias 6.4.0. Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | 8.8 |