Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference
Posted on 14 September 2018
Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.