Security Breach In LMS
Yann TASSY
I'm using LMS plug-in more and more. I found a security issue.
Steps to reproduce:
- Create an LMS purchases menu item
- Create LMS Certificates for somes students
- Log in with the account of one of the students
- Access their certificate
- In the URL, change the value of the certificate ID. (?view=certificate&id=xxxxx) and set another id
- The student can access all the certificates of all the other students.
Thanks ! Yann
Website
https://www.yanntassy.fr
9 Answers
Order by
Oldest
Rashida Rahman
Accepted AnswerHi there!
Thanks for reporting this. We will check and forward it to the developer team for resolution.
Best Regards
Rashida Rahman
Accepted AnswerHi Yann,
We have released a security patch for SP LMS. You can find it here:
https://www.joomshaper.com/downloads/extension/sp-lms
Please try this new build and let us know if it resolves the issue for you.
Best Regards
Rashida Rahman
Accepted AnswerThanks for letting us know about your feedback:)
Have a nice day!
Rashida Rahman
Accepted AnswerHello,
Thanks for your consideration:)
Where did you give us review, please? Should I find it on your name: "Yann TASSY"?
Best Regards
Yann TASSY
Accepted AnswerYes "Yann Tassy"
https://www.trustpilot.com/reviews/66ba1b96a230d90972bcd1a3
In Joomla, it is in "Pending Confirmation"