Arbitrary Code Execution Vulnerability in edx-platform Course Import Endpoint

Arbitrary Code Execution Vulnerability in edx-platform Course Import Endpoint

CVE-2015-5601 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

Learn more about our User Device Pen Test.