CVE-2020-23996

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-23996

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23996.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-23996

Published

2021-05-13T20:15:08Z

Modified

2025-10-21T02:34:50Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.

References

https://docu.ilias.de/goto_docu_pg_118817_35.html
https://docu.ilias.de/goto_docu_pg_118823_35.html
https://docu.ilias.de/goto_docu_pg_122177_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/6717c4ecc6d076154ce185f1ea052f07f37e3537

Affected packages

Git / github.com/ilias-elearning/ilias

Affected ranges

Type: GIT
Repo: https://github.com/ilias-elearning/ilias
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6717c4ecc6d076154ce185f1ea052f07f37e3537