PT-2024-25299 · Ilias · Ilias

Daniel Schlecht

·

Published

2024-05-21

·

Updated

2024-07-03

·

CVE-2024-33529

CVSS v3.1

7.2

High

Vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

ILIAS versions 7.0 through 7.29
ILIAS versions 8.0 through 8.10
ILIAS version 9.0
Description

The vulnerability allows a remote attacker who is authenticated with administrative privileges to execute operating system commands on the server via file uploads of dangerous types. The upload handling does not properly validate the type of uploaded files, so an administrator-level account can place a file that the server will later execute, leading to full compromise of the host. Because an administrative account is required, the CVSS vector carries PR:H; the impact is still rated High because confidentiality, integrity and availability of the server are all fully affected.
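The weakness class behind this advisory is a file-type check that can be talked past. The following Python example is added here to illustrate that class in general; it is not ILIAS code, and the function names, the extension lists and the sample uploads are all constructed for the illustration. It puts a denylist check of the kind that leaves "dangerous types" unvalidated beside a hardened allowlist check that normalises the extension, inspects the file body, and never reuses the client-supplied name on disk.

```python
"""Added example: weak versus hardened upload type validation.

Not ILIAS code. The helper names, the extension tables and the SAMPLE_UPLOADS
below are constructed for this illustration of the CWE-434 weakness class.
"""
import os
import posixpath
import re
import uuid

# --- Weak check: a denylist that knows one spelling of one extension ----------
# Misses case variants (.PHP), sibling extensions some servers still hand to an
# interpreter (.phtml, .phar, .php5) and double extensions (.php.jpg).
DENIED_EXTENSIONS = {".php"}


def weak_is_allowed(filename: str) -> bool:
    _, ext = os.path.splitext(filename)
    return ext not in DENIED_EXTENSIONS


# --- Hardened check: allowlist + normalisation + content sniff -----------------
# Only these extensions are accepted, and the body must start with the magic
# bytes of the type the extension claims.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}

_SAFE_BASENAME = re.compile(r"^[A-Za-z0-9_.-]{1,100}$")


def _basename(filename: str) -> str:
    # Strip any directory components the client may have sent (either separator).
    return posixpath.basename(filename.replace("\\", "/"))


def strong_is_allowed(filename: str, content: bytes) -> bool:
    base = _basename(filename)
    # Reject empty, oddly-charactered and dot-files (.htaccess would let an
    # attacker re-map which extensions the web server executes).
    if not _SAFE_BASENAME.match(base) or base.startswith("."):
        return False
    ext = os.path.splitext(base)[1].lower()  # last extension only, case-folded
    magics = ALLOWED_TYPES.get(ext)
    if magics is None:
        return False
    return any(content.startswith(m) for m in magics)


def stored_name(filename: str) -> str:
    """Name to use on disk: random, with only the vetted extension retained.

    The file should additionally live outside the web root and be served
    through a handler that sets Content-Type itself; that part cannot be
    shown in a stand-alone snippet.
    """
    ext = os.path.splitext(_basename(filename))[1].lower()
    return f"{uuid.uuid4().hex}{ext}"


# Constructed sample uploads: (client filename, first bytes of the body).
PHP_BODY = b"<?php system($_GET['c']); ?>"
SAMPLE_UPLOADS = [
    ("shell.php", PHP_BODY),
    ("shell.PHP", PHP_BODY),
    ("shell.phtml", PHP_BODY),
    ("shell.php.jpg", PHP_BODY),
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("photo.jpg", PHP_BODY),
    ("..\\..\\doc.pdf", b"%PDF-1.7\n"),
    (".htaccess", b"AddType application/x-httpd-php .jpg\n"),
]


def evaluate(samples=SAMPLE_UPLOADS):
    """Return {filename: (weak_verdict, strong_verdict)} for each sample."""
    return {
        name: (weak_is_allowed(name), strong_is_allowed(name, body))
        for name, body in samples
    }


if __name__ == "__main__":
    for name, (weak, strong) in evaluate().items():
        print(f"{name:16} weak={'allow' if weak else 'deny ':5} strong={'allow' if strong else 'deny'}")
```

Run as a script to see that the denylist passes every variant except the literal `.php` spelling, while the allowlist accepts only the two samples whose extension and body agree. The check is a mitigation for the upload side only; on this advisory the affected accounts are administrators, so limiting who holds that role (as the recommendations below suggest) remains the first line of defence until the fixed version is installed.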
Recommendations

For ILIAS versions 7.0 through 7.29, update to version 7.30 or later.
For ILIAS versions 8.0 through 8.10, update to version 8.11 or later.
For ILIAS version 9.0, consider restricting file uploads or limiting administrative privileges until a patch is available.

As a temporary workaround, consider disabling the file upload feature for administrative users to minimise the risk of exploitation.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2024-33529

Affected Products

Ilias