CVE-2020-36944
Published
CVSS v3
4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.
GitHub repository for official ILIAS release branches and development branches (trunk)
GitHub