Impact
The vulnerability is present in ILIAS Learning Management System 11.0, specifically in the function ilTrQuery::executeQueries within class.ilTrQuery.php. By manipulating the troup_table_nav argument, an attacker can inject and execute arbitrary SQL statements against the LMS database. This flaw can be used to read, modify, or delete sensitive data stored in the system, such as progress records or other course-related information. The issue is identified as CWE‑89 (SQL Injection) and also classified as CWE‑74 (Improper Neutralization of Special Elements used in Shell Commands).
Affected Systems
Affected installations are ILIAS Learning Management System version 11.0. The vulnerable executeQueries method is part of the Learning Progress Tracking component, and users of version 11.0 should verify whether their deployment includes this component and are therefore susceptible to the flaw.
Risk and Exploitability
The CVSS score for this vulnerability is 5.1, indicating moderate severity. The EPSS score is not available, so the current probability of exploitation is unknown; however, the description states that the exploit is publicly available and might be used, which suggests a realistic threat. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote, requiring only that the attacker can trigger the executeQueries function with a crafted troup_table_nav value, for example via a web request to the tracking module. No authentication or privileged access appears to be required beyond the ability to send requests to the LMS.
OpenCVE Enrichment