Home > Vulnerability Database > CVE-2023-45869

Mend.io Vulnerability Database

CVE-2023-45869

Date: October 25, 2023

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.

Language: PHP

Severity Score

9.0

Related Resources (4)

Url: https://rehmeinfosec.de/report/358ad5f6-f712-4f74-a5ee-476efc856cbc/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45869

Url: https://rehmeinfosec.de/labor/cve-2023-45869

Url: https://www.mend.io/vulnerability-database/CVE-2023-45869

Severity Score

9.0

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45869

Date: October 25, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?