CPE Details
CREATIVEITEM Academy LMS (Learning Management System) 5.10.1
5.10.1
2023-08-07
12h09 +00:00
12h09 +00:00
2023-08-07
12h12 +00:00
12h12 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:creativeitem:academy_lms:5.10.1:*:*:*:*:*:*:*
Informations
Vendor
creativeitemProduct
academy_lmsVersion
5.10.1Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers. | 2.2 |
Bas |
||
| Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts. | 6.4 |
Moyen |
||
| Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account. | 9.4 |
Critique |
||
| Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management. | 6.5 |
Moyen |
