CVE-2019-13396 Scanner
CVE-2019-13396 scanner - Directory Traversal vulnerability in FlightPath
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
FlightPath is an open source learning management system designed to simplify the process of creating, managing, and delivering online education courses. It is widely used in schools, universities, and other educational institutions. FlightPath provides features such as course creation, student management, grading, and reporting. This platform is built on Drupal, which makes it highly customizable and extendable.
A vulnerability code by the name of CVE-2019-13396 has been detected in FlightPath 4.x and 5.0-x. This vulnerability allows attackers to execute code remotely through directory traversal and Local File Inclusion using the form_include parameter in an index.php?q=system-handle-form-submit POST request. This is possible because of an include_once function in system_handle_form_submit found in modules/system/system.module. An attacker exploiting this vulnerability can gain access to sensitive information, modify data, or even take full control of the system.
When exploited, this vulnerability can lead to disastrous consequences for an educational institution. Attackers can gain access to student personal data, including Personally Identifiable Information (PII), examination results, and grades. This will severely damage the reputation of the institution and affect student trust. In addition, the attacker can modify course materials, leading to misinformation and confusion among students, destroying the credibility of educational programs.
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about any vulnerabilities in their digital assets. Our platform provides users with detailed and actionable insights that help them identify and remediate security threats. We offer automatic scanning, real-time alerts, and periodic detailed reports with guidance on how to fix vulnerabilities. Don't leave your digital assets at risk; use our pro features to protect your business today!
REFERENCES
