제출 #664891: ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization정보

제목ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization
설명Authenticated Remote Code Execution in ILIAS Test import via PHP Unserialize Attacker-supplied import XML is passed to unserialize() in ilObjTestXMLParser, allowing a crafted object payload (Monolog gadget chain) to trigger code execution during import. CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
원천⚠️ https://docu.ilias.de/go/blog/15821/882
사용자
 rehme_srlabs (UID 84282)
제출2025. 09. 29. AM 09:42 (8 개월 ago)
모더레이션2025. 10. 06. AM 08:15 (7 days later)
상태수락
VulDB 항목327230 [ILIAS 까지 8.23/9.13/10.1 Test Import unserialize 권한 상승]
포인트들19

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!