VYPR
Unrated severityNVD Advisory· Published Mar 2, 2014· Updated Jun 17, 2026

CVE-2014-2088

CVE-2014-2088

Description

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ilias/Ilias2 versions
    cpe:2.3:a:ilias:ilias:4.4.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ilias:ilias:4.4.1:*:*:*:*:*:*:*
    • (no CPE)range: =4.4.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.