Описание
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (исключая)
cpe:2.3:a:universis:universis-students:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00288
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-668
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
EPSS
Процентиль: 52%
0.00288
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-668