CVE-2013-3601

Published: Sep 6, 2013Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.

Affected (1)

Products: Trivantis: Coursemill Learning Management System

Trivantis

1 product

Coursemill Learning Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trivantis Coursemill Learning Management System	Version 6.6

Related CWEs

CWE-264

References (2)

http://www.kb.cert.org/vuls/id/960908

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/960908

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.