PT-2020-16052 · Ilias · Ilias

Published

2020-11-10

Updated

2021-07-21

CVE-2020-25268

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ILIAS version 6.4

Description Remote Code Execution can occur via the external news feed in ILIAS because of incorrect parameter sanitization for Magpie RSS data.

Recommendations For ILIAS version 6.4, update to a version that addresses the incorrect parameter sanitization issue to prevent Remote Code Execution via the external news feed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2020-25268

Affected Products

Ilias

PT-2020-16052 · Ilias · Ilias

CVE-2020-25268

Weakness Enumeration

Related Identifiers

Affected Products

References · 5