The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions prior to 6 allows remote malicious users to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blackboard academic suite |
||
blackboard academic suite 6.2.3.23 |
||
blackboard academic suite 6.3.1.424 |