Headline
CVE-2022-39196: GitHub - DayiliWaseem/CVE-2022-39196-: Black board CMS Escalation of Privileges
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.
CVE-2022-39196****Black board CMS Escalation of Privileges****Blackboard Learn version 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.****Additional Information
Step 1: Use a student credentials privilege. Username: ********** & Password: **********, to login.
Step 2: After successfully login by "STUDENT" account privilege.
Step 3: Then request "URL / Location of vulnerability".
Step 4: Directly without any privilege requirements you will escalated the session from "Student" to "Contest Management System" privileges.
Vulnerability Type****Vendor of Product****Affected Product Code Base
LMS - 1.10.1
CMSMAIN - 1.10.1
Attack Type****Impact Escalation of Privileges****Impact Information Disclosure****Attack Vectors
Impact 1: View systems directories such as courses , institution, library and orgs directories & its contains.
Impact 2: Basic & Advance searching over courses , institution, library and orgs directories.
Impact 3: Searching & view about Blackboard LMS institution users.
Impact 4: Download files.
Reference
https://drive.google.com/drive/folders/1gonDDt0sCkpMdPDu_ZVwZ7EfLC8Z4JVn?usp=sharing
Has vendor confirmed or acknowledged the vulnerability?****Discoverer