OpenOLAT is a web-based e-learning platform for teaching, learning, assessing and communicating with an LMS, a learning management system. a security vulnerability exists in versions of OpenOlat prior to 15.5.12 and 16.0.5, which stems from the fact that by providing a file name containing a relative path as a parameter in certain REST methods, it is possible to create a directory structure and write to a file anywhere on the target system. directory structure and write files to any location on the target system. No details of the vulnerability are currently available.