CVE-2023-36486

Published: 2023-12-25T08:15Z

Last Modified: 2024-11-21T08:09Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt