CVE-2020-23996

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
iliasilias
𝑥
< 5.3.19
iliasilias
5.4.0 ≤
𝑥
< 5.4.10
𝑥
= Vulnerable software versions
References
https://docu.ilias.de/goto_docu_pg_118817_35.html
https://docu.ilias.de/goto_docu_pg_118823_35.html
https://docu.ilias.de/goto_docu_pg_122177_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/6717c4ecc6d076154ce185f1ea052f07f37e3537
https://docu.ilias.de/goto_docu_pg_118817_35.html
https://docu.ilias.de/goto_docu_pg_118823_35.html
https://docu.ilias.de/goto_docu_pg_122177_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/6717c4ecc6d076154ce185f1ea052f07f37e3537