ilias

Top products

The 15 most recently published vulnerabilities affecting ilias.

• CVE-2026-12789ILIAS Learning Management System Learning Progress Tracking class.ilTrQuery.php executeQueries sql injection4.7Jun 21, 2026
• CVE-2020-36944ILIAS Learning Management System 4.3 - SSRF4.0Jan 28, 2026
• CVE-2025-11346ILIAS Base64 Decoding unserialize deserialization6.3Oct 6, 2025
• CVE-2025-11345ILIAS Test Import unserialize deserialization5.5Oct 6, 2025
• CVE-2025-11344ILIAS Certificate Import code injection6.3Oct 6, 2025
• CVE-2024-33527A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with a...5.4May 21, 2024
• CVE-2024-33526A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers wi...7.1May 21, 2024
• CVE-2024-33529ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dange...7.2May 21, 2024
• CVE-2024-33528A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML v...4.7May 21, 2024
• CVE-2023-36486The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflo...7.2Dec 25, 2023
• CVE-2023-36485The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 ...7.2Dec 25, 2023
• CVE-2023-45869ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are ex...9.0Oct 26, 2023
• CVE-2023-45868The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By ex...8.1Oct 26, 2023
• CVE-2023-45867ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the...6.5Oct 26, 2023
• CVE-2023-36488ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).5.4Jun 29, 2023