Описание
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xinheinformation:xinhe_teaching_platform_system:v2021:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00126
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-285
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.
EPSS
Процентиль: 32%
0.00126
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-285
NVD-CWE-Other