| Title | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Insecure Direct Object Reference (IDOR) |
|---|
| Description | Attack Vector: Remote
Complexity: Low
Authentication Required: None
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
A vulnerability has been discovered in LearnHouse LMS affecting all versions up to commit 98dfad7. The vulnerability exists in the static file serving mechanism for the /content/orgs/*/courses/*/assignments/*/subs/* route, which serves student assignment submissions without implementing authentication or authorization checks. An unauthenticated attacker can access any uploaded assignment file by constructing the direct URL path, leading to unauthorized disclosure of sensitive academic materials. The vulnerability has been publicly disclosed. |
|---|
| Source | ⚠️ https://gist.github.com/KhanMarshaI/f71f86fbd5d8e8363f9113a8c054c28b |
|---|
| User | KhanMarshal (UID 89610) |
|---|
| Submission | 10/13/2025 11:58 (6 months ago) |
|---|
| Moderation | 10/26/2025 17:01 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 329942 [LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca Student Assignment Submission sub_file resource injection] |
|---|
| Points | 20 |
|---|