PT-2018-13805 · Wisetail · Wisetail Learning Ecosystem

Published: 2018-09-12 · Updated: 2020-08-24 · CVE-2018-16971

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Wisetail Learning Ecosystem (LE) versions through 4.11.6

Description

The issue allows for insecure direct object reference (IDOR) attacks, enabling access to non-purchased course contents, such as quizzes or tests, by modifying the id parameter.

Recommendations

For versions through 4.11.6, avoid using the modified id parameter to access non-purchased course contents until a fix is available. As a temporary workaround, consider restricting access to the affected course contents to minimize the risk of exploitation.

Exploit

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2018-16971

Affected Products

Wisetail Learning Ecosystem