| タイトル | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Insecure Direct Object Reference (IDOR) |
|---|
| 説明 | Attack Vector: Remote
Complexity: Low
Authentication Required: None
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
A vulnerability has been discovered in LearnHouse LMS affecting all versions up to commit 98dfad7. The vulnerability exists in the static file serving mechanism for the /content/orgs/*/courses/*/assignments/*/subs/* route, which serves student assignment submissions without implementing authentication or authorization checks. An unauthenticated attacker can access any uploaded assignment file by constructing the direct URL path, leading to unauthorized disclosure of sensitive academic materials. The vulnerability has been publicly disclosed. |
|---|
| ソース | ⚠️ https://gist.github.com/KhanMarshaI/f71f86fbd5d8e8363f9113a8c054c28b |
|---|
| ユーザー | KhanMarshal (UID 89610) |
|---|
| 送信 | 2025年10月13日 11:58 (6 月 ago) |
|---|
| モデレーション | 2025年10月26日 17:01 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 329942 [LearnHouse 迄 98dfad76aad70711a8113f6c1fdabfccf10509ca Student Assignment Submission sub_file 特権昇格] |
|---|
| ポイント | 20 |
|---|