2 matches found
CVE-2018-16970
CVE-2018-16970 affects Wisetail Learning Ecosystem (LE) up to version 4.11.6, where an insecure direct object reference (IDOR) enables downloading non-purchased course files by modifying the id parameter. The connected PacketStorm entry corroborates multiple IDOR vulnerabilities affecting LE ≤ 4....
CVE-2018-16971
Wisetail Learning Ecosystem (LE) up to version 4.11.6 suffers from an insecure direct object reference (IDOR) vulnerability that allows an attacker to access non-purchased course contents (quiz/test) by altering the id parameter. The root cause is improper access control for object references, en...