ILIAS Certificate Import code injection

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

对生成代码的控制不恰当(代码注入)

ILIAS 代码注入漏洞

ILIAS是ILIAS开源的一套开源的学习管理系统。 ILIAS 8.23及之前版本、9.13及之前版本和10.1及之前版本存在代码注入漏洞，该漏洞源于证书导入处理程序存在缺陷，可能导致远程代码执行。

N/A

N/A