Описание
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management.
Ссылки
- ExploitMitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.13 (включая)
cpe:2.3:a:creativeitem:academy_lms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 6.5
github
4 месяца назад
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management.
EPSS
Процентиль: 19%
0.0006
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269