Blackboard CMS Escalation of Privileges

CVE-2022-39196

Blackboard Learn version 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.

Additional Information

Step 1: Log in with a student-privilege account (Username: ********** & Password: **********).
Step 2: After successfully logging in with the "STUDENT" account privilege,
Step 3: request the "URL / Location of vulnerability".
Step 4: Directly, without any further privilege requirement, the session is escalated from "Student" to "Content Management System" privileges.
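
Added example, not part of the advisory: detection logic that flags a student-role session reaching the webapps/bbcms/execute/ endpoint named above and receiving a successful response, which is the symptom of the missing authorization check. The access-log format, the per-request role field and the set of CMS-privileged roles are assumptions made for this example.

```python
import re

# Constructed sample access-log lines (format is an assumption for this example):
# <client ip> <user> <role> [<timestamp>] "<method> <path> <proto>" <status>
SAMPLE_LOG = """\
10.0.0.5 alice student [12/Sep/2022:10:01:02 +0000] "GET /webapps/blackboard/execute/courseMain HTTP/1.1" 200
10.0.0.5 alice student [12/Sep/2022:10:01:40 +0000] "GET /webapps/bbcms/execute/search?type=basic HTTP/1.1" 200
10.0.0.9 bob instructor [12/Sep/2022:10:02:11 +0000] "GET /webapps/bbcms/execute/listFolder?path=/courses HTTP/1.1" 200
10.0.0.5 alice student [12/Sep/2022:10:02:30 +0000] "GET /webapps/bbcms/execute/listFolder?path=/institution HTTP/1.1" 200
10.0.0.7 carol student [12/Sep/2022:10:03:00 +0000] "GET /webapps/bbcms/execute/search HTTP/1.1" 403
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) (?P<role>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$'
)

# Endpoint prefix from the advisory; the roles allowed there are an assumption.
CMS_PREFIX = "/webapps/bbcms/execute/"
CMS_ROLES = {"instructor", "administrator", "cms_admin"}


def parse_line(line):
    """Parse one access-log line into a dict of its named fields."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def find_cms_forced_browsing(log_text):
    """Return records where a non-CMS role reached a bbcms/execute/ URL and
    the server answered 2xx, i.e. the role check did not stop the request.
    A 403 on the same path is the expected (patched) behaviour and is not flagged."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        on_cms = rec["path"].startswith(CMS_PREFIX)
        allowed = rec["role"] in CMS_ROLES
        served = rec["status"].startswith("2")
        if on_cms and not allowed and served:
            hits.append(rec)
    return hits


for h in find_cms_forced_browsing(SAMPLE_LOG):
    print(f'{h["ts"]} user={h["user"]} role={h["role"]} path={h["path"]}')
```

On the constructed sample this reports alice's two successful bbcms requests and ignores bob (privileged role) and carol (denied with 403).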

Vulnerability Type

Sensitive Data Exposure

Vendor of Product

Blackboard Learn LMS

Affected Product Code Base

LMS - 1.10.1
CMSMAIN - 1.10.1

Attack Type

Remote

Impact Escalation of Privileges

true

Impact Information Disclosure

true

Attack Vectors

Impact 1: View system directories such as the courses, institution, library and orgs directories and their contents.
Impact 2: Basic and advanced searching over the courses, institution, library and orgs directories.
Impact 3: Search for and view Blackboard LMS institution users.
Impact 4: Download files.

Reference

https://drive.google.com/drive/folders/1gonDDt0sCkpMdPDu_ZVwZ7EfLC8Z4JVn?usp=sharing

Has vendor confirmed or acknowledged the vulnerability?

true

Discoverer

Waseem Dayili