漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consume other users' lab allocations, resulting in denial of service against targeted users' lab and exam access. Skillable was formerly named Learn on Demand Systems.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对假设不可变Web参数的外部可控制
Vulnerability Title
Skillable SCORM Lab Launch Integration 输入验证错误漏洞
Vulnerability Description
Skillable SCORM Lab Launch Integration是Skillable公司的一款信息化产品。 Skillable SCORM Lab Launch Integration 2026-07-13及之前版本存在输入验证错误漏洞,该漏洞源于未验证客户端提供的userId参数与已认证的SCORM会话令牌,可能导致已认证用户通过替换任意userId值绕过实验室启动速率限制并消耗其他用户的实验室分配,造成针对目标用户的实验室和考试访问的拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A