Dear list members,

several security issues have been identified (thanks to Nicolas Schäfli [studer + raimann ag] and Johannes [KIT]) and fixed for ILIAS version 5.0, 5.1 and 5.2.

The first weakness was located in the code validation part of the self registration. The second type of vulnerability affected the XML import of course and file objects. It was possible to copy arbitrary files into the media object directory (course import), and to copy a source file to an arbitrary location on the file system (file import).

We advise strongly to update your ILIAS installation to the latest version. For more detailed explanations don't hesitate to contact us.

Best regards, Michael Jansen

on behalf of the ILIAS e.V. and the Technical Board