VYPR
Unrated severityNVD Advisory· Published Jul 11, 2019· Updated Sep 16, 2024

eClass platform allows user to download arbitrary files without authentication

CVE-2019-9886

Description

Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.

Affected products

2
  • Gunet/eClassllm-fuzzy
    Range: < ip.2.5.10.2.1
  • BroadLearning/eclassv5
    Range: ip

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.