ILIAS before 7.16 allows External Control of File Name or Path.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/Dec/7 | Exploit Mailing List Third Party Advisory |
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/ | Third Party Advisory |
Configurations
History
09 Feb 2024, 02:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-610 |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-668 |
Information
Published : 2022-12-07 01:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-45918
Mitre link : CVE-2022-45918
CVE.ORG link : CVE-2022-45918
JSON object : View
Products Affected
ilias
- ilias
CWE
CWE-610
Externally Controlled Reference to a Resource in Another Sphere