The workflow-engine of ILIAS before 7.23 and 8 before 8.3...
High severity
Unreviewed
Published
Dec 25, 2023
to the GitHub Advisory Database
•
Updated Jan 12, 2024
Description
Published by the National Vulnerability Database
Dec 25, 2023
Published to the GitHub Advisory Database
Dec 25, 2023
Last updated
Jan 12, 2024
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
References