Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-39196. PoCs published by DayiliWaseem.
AI-analyzed exploit summary The repository describes an escalation of privileges vulnerability in Blackboard Learn CMS version 1.10.1, where authenticated users with student credentials can access unintended files and escalate privileges to 'Contest Management System'. The writeup includes steps to reproduce the vulnerability and its impacts.
Description
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.
Exploits (1)
The repository describes an escalation of privileges vulnerability in Blackboard Learn CMS version 1.10.1, where authenticated users with student credentials can access unintended files and escalate privileges to 'Contest Management System'. The writeup includes steps to reproduce the vulnerability and its impacts.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N