CVE-2020-36944 MEDIUM

CVE-2020-36944: ILIAS Learning Management System 4.3 - SSRF

Vendor Ilias.de
Product ILIAS Learning Management System
Weakness CWE-918 · SSRF
Published January 28, 2026
Last update March 5, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
March 5, 2026 Record updated