VULHUB ™

Blackboard Learning System, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This vulnerability was reported to exist in the search.pl script file. A remote attacker can exploit this vulnerability to discover the passwords of other users. This vulnerability is a variant of the vulnerability described in BID 6655.

Blackboard Learning System, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This vulnerability was reported to exist in the search.pl script file. A remote attacker can exploit this vulnerability to discover the passwords of other users. This vulnerability is a variant of the vulnerability described in BID 6655.