Authorization Bypass Through User-Controlled Key Vulnerability Affects Academy LMS
CVE-2024-38701

8.8HIGH

Key Information:

Vendor: WordPress
Status: Academy Lms
Vendor: CVE Published:; 22 July 2024

Summary

An authorization bypass issue found in the Academy LMS allows attackers to exploit user-controlled keys, potentially leading to unauthorized access and manipulation of sensitive data. This vulnerability impacts all versions from n/a up to 2.0.4, raising concerns regarding data integrity and the overall security posture of users relying on the system.

Affected Version(s)

Academy LMS <= 2.0.4

References

https://patchstack.com/database/vulnerability/academy/wor...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2024
Vulnerability Reserved
Jun 19, 2024

Credit

filime (Patchstack Alliance)