Описание
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.04.09.016 (исключая)
cpe:2.3:a:ihb-eg:fn2web:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.
EPSS
Процентиль: 33%
0.00134
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639