{"id":27585,"date":"2025-11-25T13:38:20","date_gmt":"2025-11-25T13:38:20","guid":{"rendered":"http:\/\/localhost\/?p=27585"},"modified":"2025-11-25T13:38:20","modified_gmt":"2025-11-25T13:38:20","slug":"classroomio-lms-0113-insecure-direct-object-reference","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=27585","title":{"rendered":"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008"},"content":{"rendered":"

{“lastseen”:”2025-11-25T19:07:04″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference”,”source”:””,”references”:””,”id”:”PACKETSTORM:212008″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65670″,”CVE-2025-65672″],”sourceData”:”# CVE-2025-65670\\n An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin\/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.Discovered by – Rivek Raj Tamang (RivuDon), Sikkim, India.\\n \\n **Affected Product: ClassroomIO**\\n * Affected Version: 0.1.13\\n * **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**\\n \\n ## Vulnerability Details\\n Insecure Direct Object Reference \/ Broken Access Control\\n \\n # Summary\\n This vulnerability allows a student-level user to momentarily access privileged admin-only endpoints by directly manipulating course IDs in the URL. Due to missing authorization checks and improper access validation, sensitive course analytics, attendance records, submissions, people lists, and marks become exposed before the system reverts to enforcing restrictions. This brief but critical information disclosure constitutes an IDOR-based Broken Access Control issue and can lead to leakage of sensitive administrative and student data.\\n \\n ## Steps to Reproduce\\n Login as Admin\\n \\n 1. Create and publish a course with enrolled students.\\n \\n 2. Access admin endpoints for the course e.g..\\n \\n courses\/\\u003ccourse-ID\\u003e\/analytics, courses\/\\u003ccourse-ID\\u003e\/attendance, courses\/\\u003ccourse-ID\\u003e\/submissions, courses\/\\u003ccourse-ID\\u003e\/people, courses\/\\u003ccourse-ID\\u003e\/marks, \\n \\n 3. Admin can view expected data.\\n \\n Login as Student\\n \\n 4. Join the course via Explore\\n \\n 5. Verify Students cannot see admin in the UI\\n \\n 6. Find the course ID (e.g. by inspecting course lessons URL).\\n \\n 7. Manually access the admin endpoints by crafting URLs such as:\\n \\n courses\/\\u003ccourse-ID\\u003e\/analytics, courses\/\\u003ccourse-ID\\u003e\/attendance, courses\/\\u003ccourse-ID\\u003e\/submissions, courses\/\\u003ccourse-ID\\u003e\/people, courses\/\\u003ccourse-ID\\u003e\/marks, \\n \\n 8. The system responds with data meant only for Admin\/Teacher roles momentarily, leaking sensitive information before reverting to restricting access.\\n \\n \\n \\n # Acknowledgement \\n \\n This vulnerability was discovered and responsibly reported by:\\n \\n **Rivek Raj Tamang (RivuDon) from Sikkim, India** \\n \\n https:\/\/www.linkedin.com\/in\/rivektamang\/\\n \\n https:\/\/rivudon.medium.com\/\\n \\n \\n ——————-\\n \\n # CVE-2025-65672\\n Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.\\n \\n **Affected Product: ClassroomIO**\\n * Affected Version: 0.1.13\\n * **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**\\n \\n ## Vulnerability Details\\n Insecure Direct Object Reference (IDOR) \/ Broken Access Control\\n \\n # Summary\\n ClassroomIO version 0.1.13 contains an IDOR vulnerability that allows a student (non-privileged user) to access restricted Course Settings, specifically the Share and Invite management interfaces.\\n This flaw arises due to improper authorization checks on sensitive endpoints, enabling privilege escalation and unauthorized course manipulation.\\n \\n ## Steps to Reproduce\\n 1. Create Course (Admin)\\n \\n 2. Log in as an Admin and create\/publish a new course.\\n \\n 3. Student View\\n Log in as a Student.\\n \\n Navigate to the course using the Explore page.\\n \\n Note the course ID in the URL.\\n \\n 5. Access Restricted Pages Directly\\n Replace {course-id} with a valid course ID and visit:\\n \\n \/courses\/{course-id}\/settings#share\\n \\n \/courses\/{course-id}\/people?add=true\\n \\n 7. Observe the Impact\\n The student is able to access:\\n \\n Share Settings\\n \\n Invite\/People Management Panel\\n \\n These actions are meant only for the course admin, but due to missing access checks, the student gains unauthorized control.\\n \\n # Acknowledgement \\n \\n This vulnerability was discovered and responsibly reported by:\\n \\n **Rivek Raj Tamang (RivuDon) from Sikkim, India** \\n \\n https:\/\/www.linkedin.com\/in\/rivektamang\/\\n \\n https:\/\/rivudon.medium.com\/”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212008″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212008\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-11-25T19:07:04″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference”,”source”:””,”references”:””,”id”:”PACKETSTORM:212008″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65670″,”CVE-2025-65672″],”sourceData”:”# CVE-2025-65670\\n An Insecure Direct Object Reference…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-27585","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=27585\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-11-25T19:07:04″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference”,”source”:””,”references”:””,”id”:”PACKETSTORM:212008″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65670″,”CVE-2025-65672″],”sourceData”:”# CVE-2025-65670n An Insecure Direct Object Reference...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=27585\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T13:38:20+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008\",\"datePublished\":\"2025-11-25T13:38:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585\"},\"wordCount\":753,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=27585#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585\",\"name\":\"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-25T13:38:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=27585\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27585#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=27585","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008 - zero redgem","og_description":"{“lastseen”:”2025-11-25T19:07:04″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference”,”source”:””,”references”:””,”id”:”PACKETSTORM:212008″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65670″,”CVE-2025-65672″],”sourceData”:”# CVE-2025-65670n An Insecure Direct Object Reference...","og_url":"https:\/\/zero.redgem.net\/?p=27585","og_site_name":"zero redgem","article_published_time":"2025-11-25T13:38:20+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=27585#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=27585"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008","datePublished":"2025-11-25T13:38:20+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=27585"},"wordCount":753,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=27585#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=27585","url":"https:\/\/zero.redgem.net\/?p=27585","name":"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-25T13:38:20+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=27585#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=27585"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=27585#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Classroomio LMS 0.1.13 Insecure Direct Object Reference_PACKETSTORM:212008"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/27585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=27585"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/27585\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=27585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=27585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=27585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}