Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
ILIAS 安全漏洞
Vulnerability Description
ILIAS是一套开源的学习管理系统。 ILIAS 7.25版本存在安全漏洞,该漏洞源于允许任何经过身份验证的用户远程执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A