Arbitrary JSP Operations Vulnerability in Coursemill Learning Management System (LMS) 6.6

Arbitrary JSP Operations Vulnerability in Coursemill Learning Management System (LMS) 6.6

CVE-2013-3601 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.

Learn more about our E Learning Pen Testing.