| Title | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Insecure Direct Object Reference (IDOR) |
|---|---|
| Description | Attack Vector: Remote; Complexity: Low; Authentication Required: None; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None. A vulnerability has been discovered in LearnHouse LMS affecting all versions up to commit 98dfad7. The vulnerability exists in the static file serving mechanism for the /content/orgs/*/courses/*/assignments/*/subs/* route, which serves student assignment submissions without implementing authentication or authorization checks. An unauthenticated attacker can access any uploaded assignment file by constructing the direct URL path, leading to unauthorized disclosure of sensitive academic materials. The vulnerability has been publicly disclosed. |
| Source | https://gist.github.com/KhanMarshaI/f71f86fbd5d8e8363f9113a8c054c28b |
| User | KhanMarshal (UID 89610) |
| Submission | 2025-10-13 11:58 AM (6 months ago) |
| Moderation | 2025-10-26 05:01 PM (13 days later) |
| Status | Accepted |
| VulDB entry | 329942 [LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca Student Assignment Submission sub_file privilege escalation] |
| Points | 20 |