{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "7.0" }, { "fixed": "7.30" }, { "introduced": "8.0" }, { "fixed": "8.11" }, { "introduced": "0" }, { "last_affected": "9.0" } ] }, "events": [ { "introduced": "a69e33436c7961b4ae12398300443d952e02f4f2" }, { "fixed": "a6dff28dab7b15c7f75e0428729c5d7f98c04c3a" }, { "introduced": "8ae8387e9d7f958cf88a9dd37fd542195a473dd1" }, { "fixed": "15d9e8f67fe57711c5b1126e6066d19bbdf66956" }, { "introduced": "0" }, { "last_affected": "fde780b71853eddee7c2efc409b2f82335475cb7" } ], "repo": "https://github.com/ilias-elearning/ilias", "type": "GIT" } ] } ], "details": "ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.", "id": "CVE-2024-33529", "modified": "2026-03-13T21:52:27.665581443Z", "published": "2024-05-21T15:15:29.290Z", "references": [ { "type": "FIX", "url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui\u0026cmd=layout\u0026ref_id=1719\u0026obj_id=170040" }, { "type": "EVIDENCE", "url": "https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }