3 matches found
CVE-2013-3601
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
CVE-2013-3601
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
CVE-2013-3601
Affected software: Coursemill Learning Management System (LMS) 6.6. Vulnerability: inadequate restriction of JSP function calls allows remote authenticated users (via Student role) to perform arbitrary JSP operations by supplying an op parameter. Impact: privilege escalation to execute restricted...