PT-2024-20853 · Unknown · Mirapolis Lms

Published 2024-09-12 · Updated 2024-09-13 · CVE-2024-25270

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Mirapolis LMS version 4.6.XX

Description
An issue in Mirapolis LMS allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.

Recommendations
For Mirapolis LMS version 4.6.XX, as a temporary workaround, consider restricting access to the vulnerable functionality until a patch is available. Avoid manipulating the ID parameter and increment STEP parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-25270

Affected Products

Mirapolis Lms