ILIAS Learning Management System 4.3 - SSRF | Advisories

Advisories

ILIAS Learning Management System 4.3 - SSRF

severity: medium
date: January 28, 2026
Affecting: ILIAS Learning Management System 4.3-5.1
CVE: CVE-2020-36944
CWE: CWE-918 Server-Side Request Forgery (SSRF)
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
References: ExploitDB-49148
ILIAS Official Vendor Homepage
ILIAS GitHub Repository
Credit: Dot/kx1z0
Description: ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.