exploitDog

CVE-2021-30112

Опубликовано: 08 апр. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.

Ссылки

http://web-school.in
Product
https://github.com/0xrayan/CVEs/issues/3
Exploit
Issue Tracking
Third Party Advisory
https://web-school.in/try-demo/
Product
http://web-school.in
Product
https://github.com/0xrayan/CVEs/issues/3
Exploit
Issue Tracking
Third Party Advisory
https://web-school.in/try-demo/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:web-school:enterprise_resource_planning:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-qmhq-prcq-pvp4

github

больше 3 лет назад

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.

EPSS

Процентиль: 34%

0.00139

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352