CVE-2022-31478

CVE-2022-31478

EPSS 0.6%

The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/srsolutionsag/UserTakeOver https://medium.com/%40bcksec/ilias-lms-usertakeover-4-0-1-vulnerability-b2824679403