PT-2000-1561 · Blackboard · Blackboard Courseinfo

Published

2000-07-18

Updated

2017-10-10

CVE-2000-0627

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BlackBoard CourseInfo version 4.0

Description The issue concerns improper user authentication, allowing local users to modify database information and gain privileges. This can be achieved by directly calling supporting CGI programs, such as user update passwd.pl and user update admin.pl.

Recommendations For BlackBoard CourseInfo version 4.0, consider restricting access to the CGI programs user update passwd.pl and user update admin.pl to prevent unauthorized modifications to the database. Additionally, review and strengthen the authentication mechanism to ensure proper validation of user credentials.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0627

Affected Products

Blackboard Courseinfo

PT-2000-1561 · Blackboard · Blackboard Courseinfo

CVE-2000-0627

Related Identifiers

Affected Products

References · 6