Blackboard CourseInfo 4.0 Database Modification Vulnerability

Any user who has a valid account on Blackboard CourseInfo is able to modify the database by entering custom form values through any perl script located in /bin and its subdirectories.

For example, the following URL will change the password of any known account:


The URL below will change the status of a user to either a Student (value is "S"), Teacher Assistant (value is "T"), or Instructor (value is "G").



Privacy Statement
Copyright 2010, SecurityFocus