CVE-2020-23996

EUVD-2020-16732
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
iliasilias
𝑥
< 5.3.19
iliasilias
5.4.0 ≤
𝑥
< 5.4.10
𝑥
= Vulnerable software versions
References
https://docu.ilias.de/goto_docu_pg_118817_35.html
https://docu.ilias.de/goto_docu_pg_118823_35.html
https://docu.ilias.de/goto_docu_pg_122177_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/6717c4ecc6d076154ce185f1ea052f07f37e3537
https://docu.ilias.de/goto_docu_pg_118817_35.html
https://docu.ilias.de/goto_docu_pg_118823_35.html
https://docu.ilias.de/goto_docu_pg_122177_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/6717c4ecc6d076154ce185f1ea052f07f37e3537