Unrated severity · NVD Advisory · Published Jul 11, 2019 · Updated Sep 16, 2024
eClass platform allows user to download arbitrary files without authentication
CVE-2019-9886
Description
In BroadLearning eClass before version ip.2.5.10.2.1, any URL with download_attachment.php under the templates or home folders allows arbitrary files to be downloaded without login.
Affected products
- BroadLearning/eclass v5 Range: ip
References
- surl.twcert.org.tw/aTxze (mitre, x_refsource_CONFIRM)
- tvn.twcert.org.tw/taiwanvn/TVN-201906004 (mitre, x_refsource_CONFIRM)
- zeroday.hitcon.org/vulnerability/ZD-2019-00423 (mitre, x_refsource_CONFIRM)