Отправить #664892: ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 DeserializationИнформация

Название	ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization
Описание	Authenticated Remote Code Execution in ILIAS Assessment via unsafe deserialization of f_settings URL parameter a Base64-encoded serialized object passed via the f_settings parameter is decoded and passed to unserialize() without restrictions, allowing a crafted gadget chain to execute arbitrary code via POST request. CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Источник	⚠️ https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2113
Пользователь	rehme_srlabs (UID 84282)
Представление	29.09.2025 09:49 (8 месяцы назад)
Модерация	06.10.2025 08:15 (7 days later)
Статус	принято
Запись VulDB	327231 [ILIAS до 8.23/9.13/10.1 Base64 Decoding unserialize f_settings эскалация привилегий]
Баллы	20

Want to know what is going to be exploited?

We predict KEV entries!