CVE-2024-25270 - Authorization Bypass Through User-Controlled Key vulnerability in Mirapolis LMS

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, mirapolis, CWE-639

Summary

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.

Vulnerable Configurations

Part         Description  Count
Application  Mirapolis    1