CodeLit CourseLit Parameter Tampering Vulnerability in Payment Plans
Vulnerability
A parameter tampering vulnerability has been identified in CodeLit CourseLit versions prior to 0.57.5. This vulnerability allows users to associate a payment plan with the wrong entity, potentially leading to unauthorized access or actions related to that entity.
Impact
Exploitation of this vulnerability could result in a payment plan being associated with an entity it does not belong to, allowing a user to perform payment-related actions against that entity, or gain access through it, that they are not entitled to.
Reproduction
To reproduce this vulnerability, send a request to the payment plan initiation endpoint with a plan ID that does not belong to the specified entity. The request must include the entity type and course ID; because the server does not verify that the plan belongs to that entity, a plan ID associated with a different course is accepted.
Remediation
Users can update to CodeLit CourseLit version 0.57.5 or later, where this vulnerability has been fixed.
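The missing check described above, shown as an added illustration rather than CourseLit's own code: a plan looked up by ID alone (vulnerable) beside a lookup that also requires the plan to belong to the entity named in the request (hardened). The types, function names and sample plans are assumptions constructed for this example.

```typescript
// Added example, not CourseLit's own code. PaymentPlan, InitiateRequest,
// PLANS and the initiate* functions are constructed for illustration.
type EntityType = "course" | "community";

interface PaymentPlan {
  planId: string;
  entityType: EntityType;
  entityId: string; // the entity (e.g. course) this plan was created for
  amount: number;
}

interface InitiateRequest {
  planId: string;
  entityType: EntityType;
  entityId: string; // course ID supplied by the client
}

// Constructed sample data: two courses, each with its own plan.
const PLANS: PaymentPlan[] = [
  { planId: "plan-a", entityType: "course", entityId: "course-1", amount: 100 },
  { planId: "plan-b", entityType: "course", entityId: "course-2", amount: 1 },
];

function findPlan(planId: string): PaymentPlan | undefined {
  return PLANS.find((p) => p.planId === planId);
}

// Vulnerable pattern: the plan is resolved by ID alone, so the client-supplied
// entity is never compared against the plan's own record and a plan from a
// different course is accepted.
function initiateVulnerable(req: InitiateRequest): PaymentPlan | null {
  return findPlan(req.planId) ?? null;
}

// Hardened pattern: the server's record of which entity the plan belongs to is
// authoritative; a request naming a different entity is rejected.
function initiateHardened(req: InitiateRequest): PaymentPlan | null {
  const plan = findPlan(req.planId);
  if (!plan) return null;
  if (plan.entityType !== req.entityType || plan.entityId !== req.entityId) {
    return null; // plan/entity mismatch: reject the request
  }
  return plan;
}
```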
