Security-Blog
ILIAS 9.20
The following 9 security issues have been resolved:
0046938: Geshi: Ignore security advisory PKSA-ns3q-qtk3-d35r (issue does not apply to ILIAS)
0047258: SOAP: Unauthorized function call
0047472: SQL injection in SOAP
0047581: Broken Access Control in SOAP
0047691: SQL injection in ILIAS MyStaff
0047692: Fixes a path traversal vulnerability in the custom icon upload
0047770: Tracking: validate sort field from LP participants table
0047778: Authenticated SQLi in SCORM2004
0047787: Add an AccessControl-Check to TileImageUploadHandler
Affected Version(s) | 9.19 |
Fixed Version(s) | 9.20 |
CVSS Score 4.0 | - |
Reported By | - |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 6.9 |
Reported By | Abdelwahed (Codean Labs) |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 7.1 |
Reported By | André Schweigert (FAU|ILIAS) |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 8.7 |
Reported By | André Schweigert (FAU|ILIAS) |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 9.3 |
Reported By | Jan Kahmen Co-Founder, Managing Partner (turingpoint GmbH) |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | - |
Reported By | Ilja Lukin, Fachhochschule Dortmund University of Applied Sciences and Arts |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 8.5 |
Reported By | André Schweigert (FAU|ILIAS) |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 8.1 |
Reported By | André Schweigert (FAU|ILIAS) |
Affected Version(s) | 9.19, 10.7, 11.0 |
Fixed Version(s) | 9.20, 10.8, 11.1, 12.0 Alpha |
CVSS Score 4.0 | 9.8 |
Reported By | Johannes Heidtmann and Philipp Schur of larp.win |