Source |
CVE List |
Identifier |
8400952 |
Publication date |
2023-10-26 15:15:09 (seen: 2023-10-26 17:08:39) |
Title |
CVE-2023-45869 |
Text |
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php). This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system. |
Sent |
Yes |