Home / exploitsPDF  

Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

Posted on 14 September 2018

Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.