What the vulnerability does
Description
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through <= 3.5.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
Academy LMS versions 3.5.3 and earlier lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can change data belonging to other users or the site without additional interaction. This affects the integrity of course materials and user records. Update to a version newer than 3.5.3.
What an attacker can do
Modify or delete course content, user data, or site settings belonging to other users.
Potential impact on your site
Course instructors, students, and admins may have their data altered or deleted by unauthorized users with basic accounts.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.