Contact

If you have any questions or suggestions, please contact me at research@rehmeinfosec.de.

For end-to-end encrypted communication, the PGP key can be downloaded here.

Publications / Research

Security Lab

On this page, I share the results of my security research. I adhere to the principles of responsible disclosure, ensuring that vendors receive all relevant information and sufficient time to verify and address vulnerabilities before public release. My aim is to support the integrity and security of affected systems through the coordinated publication of these findings.

Latest Publications

Remote Code Execution und .htaccess Bypass in ILIAS eLearning platform
19.02.2024 - CVE-2024-XXXXX
9.4 Critical(CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
Multiple XSS Vulnerabilities in ILIAS eLearning platform
18.02.2024 - CVE-2024-XXXXX
4.8 Medium(CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L)
Remote Code Execution in Stud.IP (eLearning platform)
08.01.2024 - CVE-2023-50982
9.3 Critical(CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
RoundCube 1.6.4 and 1.5.5 - Cross Site Scripting (XSS)
01.01.2024 - CVE-2023-47272
6.1 Medium(CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Local File Inclusion to Arbitrary File Copy in ILIAS eLearning platform
27.10.2023 - CVE-2023-45868
8.1 High(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
OS Command Injection in ILIAS eLearning platform
27.10.2023 - CVE-2023-45869
9.0 Critical(CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Local File Inclusion in ILIAS eLearning platform
26.10.2023 - CVE-2023-45867
6.5 Medium(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)