6 matches found
CVE-2018-16970
Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...
Design/Logic Flaw
Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to access non-purchased course contents quiz / test via a modified id parameter...
Design/Logic Flaw
Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...
CVE-2018-16970
Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...
CVE-2018-16971
Wisetail Learning Ecosystem (LE) up to version 4.11.6 suffers from an insecure direct object reference (IDOR) vulnerability that allows an attacker to access non-purchased course contents (quiz/test) by altering the id parameter. The root cause is improper access control for object references, en...
CVE-2018-16970
CVE-2018-16970 affects Wisetail Learning Ecosystem (LE) up to version 4.11.6, where an insecure direct object reference (IDOR) enables downloading non-purchased course files by modifying the id parameter. The connected PacketStorm entry corroborates multiple IDOR vulnerabilities affecting LE ≤ 4....