Email Address Change Vulnerability in ILIAS

Email Address Change Vulnerability in ILIAS

CVE-2022-31266 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.

Learn more about our Web Application Penetration Testing UK.