Ilias : Security Vulnerabilities, CVEs, Published In 2014

CVE-2014-2090

Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
Max CVSS
3.5
EPSS Score
0.08%
Published
2014-03-02
Updated
2014-03-03

CVE-2014-2089

ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
Max CVSS
6.8
EPSS Score
0.86%
Published
2014-03-02
Updated
2014-03-03

CVE-2014-2088

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.
Max CVSS
6.5
EPSS Score
0.31%
Published
2014-03-02
Updated
2014-03-03
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close