Local Privilege Escalation in BlackBoard CourseInfo 4.0

Local Privilege Escalation in BlackBoard CourseInfo 4.0

CVE-2000-0627 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

Learn more about our User Device Pen Test.