Description
A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is present in ILIAS Learning Management System 11.0, specifically in the function ilTrQuery::executeQueries within class.ilTrQuery.php. By manipulating the troup_table_nav argument, an attacker can inject and execute arbitrary SQL statements against the LMS database. This flaw can be used to read, modify, or delete sensitive data stored in the system, such as progress records or other course-related information. The issue is identified as CWE‑89 (SQL Injection) and also classified as CWE‑74 (Improper Neutralization of Special Elements used in Shell Commands).

Affected Systems

Affected installations are ILIAS Learning Management System version 11.0. The vulnerable executeQueries method is part of the Learning Progress Tracking component, and users of version 11.0 should verify whether their deployment includes this component and are therefore susceptible to the flaw.

Risk and Exploitability

The CVSS score for this vulnerability is 5.1, indicating moderate severity. The EPSS score is not available, so the current probability of exploitation is unknown; however, the description states that the exploit is publicly available and might be used, which suggests a realistic threat. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote, requiring only that the attacker can trigger the executeQueries function with a crafted troup_table_nav value, for example via a web request to the tracking module. No authentication or privileged access appears to be required beyond the ability to send requests to the LMS.

Generated by OpenCVE AI on June 21, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or update that fixes the SQL injection in ilTrQuery::executeQueries.
  • Deploy a web application firewall or similar filtering solution to block unexpected SQL payloads in request parameters.
  • Monitor access logs for suspicious or malformed requests to the Tracking module and investigate any anomalies promptly.

Generated by OpenCVE AI on June 21, 2026 at 11:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title ILIAS Learning Management System Learning Progress Tracking class.ilTrQuery.php executeQueries sql injection
First Time appeared Ilias
Ilias learning Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:ilias:learning_management_system:*:*:*:*:*:*:*:*
Vendors & Products Ilias
Ilias learning Management System
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Ilias Learning Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T10:56:23.458Z

Reserved: 2026-06-20T10:03:47.204Z

Link: CVE-2026-12789

cve-icon Vulnrichment

Updated: 2026-06-22T10:55:11.721Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T11:30:05Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')