What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.
Explanation of Vulnerability in Simple Terms
Masteriyo LMS versions up to 1.7.3 contain an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information over the network. The vulnerability requires no user interaction and can be exploited remotely. Site administrators should update to a version newer than 1.7.3 to remediate this issue.
What an attacker can do
Read sensitive information without logging in.
Potential impact on your site
Unauthorized users can access confidential data stored in your Masteriyo LMS installation.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities