[ilAdmins] ILIAS Security Issues: Self Registration and Course/File Import
mjansen at databay.de
Sat Mar 11 08:18:12 CET 2017
Dear list members,
several security issues have been identified (thanks to Nicolas Schäfli
[studer + raimann ag] and Johannes [KIT]) and fixed for ILIAS version
5.0, 5.1 and 5.2.
The first weakness was located in the code validation part of the self
The second type of vulnerability affected the XML import of course and
file objects. It was possible to copy arbitrary files into the media
object directory (course import), and to copy a source file to an
arbitrary location on the file system (file import).
We advise strongly to update your ILIAS installation to the latest
version. For more detailed explanations don't hesitate to contact us.
on behalf of the ILIAS e.V. and the Technical Board
More information about the ilias-admins