PT-2013-4507 · Trivantis · Coursemill Learning Management System
Mike Czumak · Published 2013-09-06 · Updated 2013-09-30 · CVE-2013-3601
CVSS v2.0: 6.0 (Medium)
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Coursemill Learning Management System (LMS) version 6.6
Description
Coursemill LMS 6.6 allows a remote authenticated user holding only the Student role to invoke arbitrary JSP operations by supplying an `op` parameter of their choosing. The root cause is that the application authenticates the caller but does not restrict which JSP function calls each role may perform: this is a missing authorization check, not an authentication bypass (the CVSS vector's Au:S reflects that a valid account is required).
Recommendations
For version 6.6, enforce per-role authorization on JSP function calls so that accounts with the Student role can reach only the operations that role is meant to perform; treat any `op` value that is not explicitly allowed for the caller's role as forbidden rather than falling through to the requested operation. Until a vendor fix is applied, consider temporarily disabling the `op` parameter in the affected JSP operations.
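The pattern behind both the description and the recommendation, as an added example that is not Coursemill's code or Trivantis' fix: an `op`-parameter dispatcher in the shape the advisory describes (any authenticated user may name any operation), followed by the same dispatcher gated by a per-role allow-list. The class, role and operation names are assumptions for illustration only.

```java
// Added example: an `op`-parameter dispatcher for a JSP/servlet-style LMS, first in the
// vulnerable shape (authenticated, but no per-role check), then hardened with a static
// per-role allow-list. Class, role and operation names are assumptions, not product code.
import java.util.Map;
import java.util.Set;

public class OpDispatcher {
    enum Role { STUDENT, INSTRUCTOR, ADMIN }

    /** What a request carries: the authenticated role and the raw `op` query parameter. */
    record Request(Role role, String op) {}

    // The operation table itself. Which entries are sensitive is a property of the
    // application, so the table alone cannot decide who may call what.
    static String runOperation(String op) {
        switch (op) {
            case "viewGrades": return "grades shown";
            case "editGrades": return "grades edited";   // should be instructor-only
            case "deleteUser": return "user deleted";    // should be admin-only
            default:           return "unknown op";
        }
    }

    // Vulnerable shape: the session proves the caller is logged in (a Student counts),
    // but the operation is chosen purely by the client-supplied `op` value.
    static String dispatchVulnerable(Request req) {
        return runOperation(req.op());
    }

    // Hardened shape: a static allow-list of operations per role, consulted before any
    // JSP function is reached. Anything not explicitly granted is denied, so operations
    // added later are deny-by-default until someone deliberately grants them.
    private static final Map<Role, Set<String>> ALLOWED = Map.of(
        Role.STUDENT,    Set.of("viewGrades"),
        Role.INSTRUCTOR, Set.of("viewGrades", "editGrades"),
        Role.ADMIN,      Set.of("viewGrades", "editGrades", "deleteUser")
    );

    static String dispatchHardened(Request req) {
        Set<String> allowed = ALLOWED.getOrDefault(req.role(), Set.of());
        if (!allowed.contains(req.op())) {
            return "403 forbidden";   // refuse (and log) before touching the operation table
        }
        return runOperation(req.op());
    }

    public static void main(String[] args) {
        Request studentDelete = new Request(Role.STUDENT, "deleteUser");
        System.out.println("vulnerable: " + dispatchVulnerable(studentDelete)); // user deleted
        System.out.println("hardened:   " + dispatchHardened(studentDelete));   // 403 forbidden
        System.out.println("hardened:   " + dispatchHardened(new Request(Role.ADMIN, "deleteUser")));
    }
}
```

The check sits in front of the dispatch, keyed on the server-side role rather than on anything the client sends, so the `op` parameter can remain in the protocol; it simply stops being an authorization decision.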
Affected Products
Coursemill Learning Management System