BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
https://exchange.xforce.ibmcloud.com/vulnerabilities/4946
http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html