ILIAS before 7.16 allows External Control of File Name or Path.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00516
Percentile:
0.65699
CVSS Scoring
CVSS v3.1 Score: 6.5
Severity: MEDIUM
Mapped CWE(s)
-
CWE-610
: Externally Controlled Reference to a Resource in Another Sphere
All CAPEC(s)
-
CAPEC-219: XML Routing Detour Attacks
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
- cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*
← Back to Home