Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-538,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wisetail | learning_management_system | * |
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-639,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wisetail | learning_management_system | * |