CVE-2023-45867

Source
https://cve.org/CVERecord?id=CVE-2023-45867
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45867.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45867
Published
2023-10-26T15:15:08.900Z
Modified
2026-04-10T05:01:42.599318Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.

References

Affected packages

Git / github.com/ilias-elearning/ilias

Affected ranges

Type
GIT
Repo
https://github.com/ilias-elearning/ilias
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.25"
        }
    ]
}

Affected versions

v5.*
v5.1.0beta2
v5.3.0beta1
v7.*
v7.0
v7.0_beta1
v7.0_beta2
v7.1
v7.10
v7.13
v7.14
v7.17
v7.18
v7.19
v7.2
v7.21
v7.23
v7.24
v7.25
v7.3
v7.4
v7.6
v7.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45867.json"