Description
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user privileges, remote attackers can access and edit other users’ credentials and personal information by crafting URL parameters.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:xinheinformation:xinhe_teaching_platform_system:v2021:*:*:*:*:*:*:*
EPSS
Percentile: 39%
0.00175 (Low)
CVSS3: 8.8 High
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-285
NVD-CWE-Other
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user privileges, remote attackers can access and edit other users’ credentials and personal information by crafting URL parameters.