CVE-2026-12789 | ILIAS Learning Management System 11.0 Learning Progress Tracking class.ilTrQuery.php executeQueries troup_table_nav sql injection

A vulnerability was found in ILIAS Learning Management System 11.0 and classified as critical. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads to sql injection.

This vulnerability is referenced as CVE-2026-12789. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More