CVE-2018-16970

MEDIUM

Wisetail LE <4.11.6 - IDOR

Title source: llm

Description

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

References (1)

[Exploit, Third Party Advisory] https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 41.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-538

Status published

Products (1)

wisetail/learning_management_system < 4.11.6

Published Sep 12, 2018

Tracked Since Feb 18, 2026