mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
993 B
993 B
CVE-2023-45869
Description
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.
POC
Reference
Github
No PoCs found on GitHub currently.