CVE-2022-39196

MEDIUM

Blackboard Learn 1.10.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-39196. PoCs published by DayiliWaseem.

AI-analyzed exploit summary The repository describes an escalation of privileges vulnerability in Blackboard Learn CMS version 1.10.1, where authenticated users with student credentials can access unintended files and escalate privileges to 'Contest Management System'. The writeup includes steps to reproduce the vulnerability and its impacts.

Description

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.

Exploits (1)

nomisec WRITEUP
by DayiliWaseem · poc
https://github.com/DayiliWaseem/CVE-2022-39196-

The repository describes an escalation of privileges vulnerability in Blackboard Learn CMS version 1.10.1, where authenticated users with student credentials can access unintended files and escalate privileges to 'Contest Management System'. The writeup includes steps to reproduce the vulnerability and its impacts.

Classification
Writeup 80%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Blackboard Learn LMS 1.10.1
Auth required
Prerequisites: Valid student credentials · Access to the vulnerable URL path
mistral-large-3 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/DayiliWaseem/CVE-2022-39196-

Scores

CVSS v3 6.5
EPSS 0.0117
EPSS Percentile 63.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
blackboard/blackboard_learn 1.10.1
Published Sep 05, 2022
Tracked Since Feb 18, 2026