提交 #664891: ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization信息

标题ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization
描述Authenticated Remote Code Execution in ILIAS Test import via PHP Unserialize Attacker-supplied import XML is passed to unserialize() in ilObjTestXMLParser, allowing a crafted object payload (Monolog gadget chain) to trigger code execution during import. CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
来源⚠️ https://docu.ilias.de/go/blog/15821/882
用户
 rehme_srlabs (UID 84282)
提交2025-09-29 09時42分 (8 月前)
管理2025-10-06 08時15分 (7 days later)
状态已接受
VulDB条目327230 [ILIAS 直到 8.23/9.13/10.1 Test Import unserialize 权限提升]
积分19

上一步一览下一步

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!