Blackboard Learn version 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.
Step 1: Use a student credentials privilege. Username: ********** & Password: **********, to login.
Step 2: After successfully login by "STUDENT" account privilege.
Step 3: Then request "URL / Location of vulnerability".
Step 4: Directly without any privilege requirements you will escalated the session from "Student" to "Contest Management System" privileges.
Sensitive Data Exposure
Blackboard Learn LMS
LMS - 1.10.1
CMSMAIN - 1.10.1
Remote
true
true
Impact 1: View systems directories such as courses , institution, library and orgs directories & its contains.
Impact 2: Basic & Advance searching over courses , institution, library and orgs directories.
Impact 3: Searching & view about Blackboard LMS institution users.
Impact 4: Download files.
https://drive.google.com/drive/folders/1gonDDt0sCkpMdPDu_ZVwZ7EfLC8Z4JVn?usp=sharing
true
Waseem Dayili