[ilAdmins] ILIAS Security Issue: QTI Import

Dear list members,

a security issue has been identified (big thanks to Thomas Hufschmidt) and fixed for ILIAS version 5.0 and 5.1. For version 5.2.0, the issue was already fixed at the time it was released.

The vulnerability was located in the QTI import of *-choice questions with images used as answer options and existed since the initial implementation of QTI export/import.

We advise strongly to update your ILIAS installation to the latest version (5.0.19, 5.1.15). For more detailed explanations don't hesitate to contact me.

Best regards, Michael Jansen

on behalf of the ILIAS e.V. and the Technical Board