| Título | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Insecure Direct Object Reference (IDOR) |
|---|
| Descrição | Attack Vector: Remote
Complexity: Low
Authentication Required: None
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
A vulnerability has been discovered in LearnHouse LMS affecting all versions up to commit 98dfad7. The vulnerability exists in the static file serving mechanism for the /content/orgs/*/courses/*/assignments/*/subs/* route, which serves student assignment submissions without implementing authentication or authorization checks. An unauthenticated attacker can access any uploaded assignment file by constructing the direct URL path, leading to unauthorized disclosure of sensitive academic materials. The vulnerability has been publicly disclosed. |
|---|
| Fonte | ⚠️ https://gist.github.com/KhanMarshaI/f71f86fbd5d8e8363f9113a8c054c28b |
|---|
| Utilizador | KhanMarshal (UID 89610) |
|---|
| Submissão | 13/10/2025 11h58 (há 6 meses) |
|---|
| Moderação | 26/10/2025 17h01 (13 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 329942 [LearnHouse até 98dfad76aad70711a8113f6c1fdabfccf10509ca Student Assignment Submission sub_file Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|