Arbitrary Code Execution via Personal Data Import in ILIAS

CVE-2020-23996 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.

Learn more about our Web Application Penetration Testing UK.