[ilAdmins] ILIAS Security Issues: Self Registration and Course/File Import

Michael Jansen mjansen at databay.de
Sat Mar 11 08:18:12 CET 2017


Dear list members,

several security issues have been identified (thanks to Nicolas Schäfli 
[studer + raimann ag] and Johannes [KIT]) and fixed for ILIAS version 
5.0, 5.1 and 5.2.

The first weakness was located in the code validation part of the self 
registration.
The second type of vulnerability affected the XML import of course and 
file objects. It was possible to copy arbitrary files into the media 
object directory (course import), and to copy a source file to an 
arbitrary location on the file system (file import).

We advise strongly to update your ILIAS installation to the latest 
version. For more detailed explanations don't hesitate to contact us.

Best regards,
Michael Jansen

on behalf of the ILIAS e.V. and the Technical Board


More information about the ilias-admins mailing list