RSS   Vulnerabilities for 'Learning management system'   RSS

2018-09-12
 
CVE-2018-16971

CWE-200
 

 
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.

 
 
CVE-2018-16970

CWE-538
 

 
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

 


Copyright 2019, cxsecurity.com

 

Back to Top