Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Trivantis CourseMill Learning Management System 安全绕过漏洞
Vulnerability Description
CourseMill Learning Management System(LMS)是美国Trivantis公司的一套学习管理系统。该系统可实现全时课程托管、学员注册和追踪、培训管理等功能。 Coursemill LMS 6.6版本中存在安全漏洞,该漏洞源于程序没有正确限制JavaServer Pages(JSP)页面上的函数调用。远程经过授权的攻击者可借助Student角色并提供‘op’参数,利用该漏洞执行任意JSP操作。
CVSS Information
N/A
Vulnerability Type
N/A