PT-2023-6722 · Ilias · Ilias

Published: 2023-10-13 · Updated: 2024-02-22 · CVE-2023-45868

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ILIAS version 7.25
Description: The issue exists due to improper restriction of a path name to a directory with limited access (path traversal) in the Learning Module component of the ILIAS learning management system. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. By exploiting this network-based vulnerability, an attacker can move specified directories, normally located outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and can deny access to the affected component and to components of the operating system. To exploit this, an attacker must manipulate a POST request sent during the creation of an exercise unit, modifying the old name and new name parameters with directory traversal sequences.
Recommendations: For ILIAS version 7.25, as a temporary workaround, consider restricting access to the Learning Module component until a patch is available. Avoid using the old name and new name parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
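The weakness described above is a rename() whose two operands come straight from request parameters. The following is an added example, not ILIAS code and not the vendor's fix: it shows the check a defender would put in front of rename() so that both the source and the destination are confined to one base directory. Function names (`isPlainName`, `resolveInside`, `renameWithin`) and the `$base` directory are hypothetical; the temporary directory at the bottom is constructed for the demonstration.

```php
<?php
// Added example (not ILIAS code): confine both operands of rename() to one
// base directory before touching the filesystem. Function and parameter
// names are hypothetical; $base stands for the module's own data directory.

declare(strict_types=1);

/**
 * Accept a user-supplied name only if it is a single plain path component:
 * not empty, not "." or "..", and without separators or a NUL byte.
 */
function isPlainName(string $name): bool
{
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    if (strpbrk($name, "/\\\0") !== false) {
        return false;
    }
    return true;
}

/**
 * Return the canonical path of $base/$name only if, after symlink
 * resolution, it still lies inside $base; null otherwise.
 */
function resolveInside(string $base, string $name): ?string
{
    $root = realpath($base);
    if ($root === false) {
        return null;                      // base directory missing
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false) {
        return null;                      // entry does not exist
    }
    // Compare against a separator-terminated prefix so that "/base2"
    // is not mistaken for something inside "/base".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                      // escaped $base via a symlink
    }
    return $candidate;
}

/**
 * Rename one entry inside $base to a new plain name inside $base.
 * Returns true on success, false if either operand is rejected.
 */
function renameWithin(string $base, string $oldName, string $newName): bool
{
    if (!isPlainName($oldName) || !isPlainName($newName)) {
        return false;                     // traversal or separator in a name
    }
    $src = resolveInside($base, $oldName);
    if ($src === null) {
        return false;
    }
    // The destination's parent is fixed to $base; only the leaf is user data.
    $dst = realpath($base) . DIRECTORY_SEPARATOR . $newName;
    if (file_exists($dst)) {
        return false;                     // never clobber an existing entry
    }
    return rename($src, $dst);
}

// Demonstration on a constructed temporary directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lm_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . 'unit1', 0700, true);

var_dump(renameWithin($base, '../outside', 'unit9'));   // bool(false): source rejected
var_dump(renameWithin($base, 'unit1', '../public'));    // bool(false): destination rejected
var_dump(renameWithin($base, 'unit1', 'unit2'));        // bool(true): both confined
```

Two design points matter here. realpath() only canonicalises paths that exist, so the source is resolved and prefix-checked, while the destination is built from the already-resolved base plus a single validated leaf rather than resolved on its own. Checking the prefix with a trailing separator closes the common mistake of treating `/base2/x` as inside `/base`.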

Exploit: Path traversal

Weakness Enumeration

Related Identifiers: BDU:2023-07496, CVE-2023-45868

Affected Products: Ilias