Description
WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: version before 1.52.29198 (exclusive)
One of
cpe:2.3:a:wisdomgarden:tronclass_ilearn:*:*:*:*:web:*:*:*
cpe:2.3:a:wisdomgarden:tronclass_ilearn:2.3.2:*:*:*:*:android:*:*
cpe:2.3:a:wisdomgarden:tronclass_ilearn:2.3.2:*:*:*:*:iphone_os:*:*
EPSS
Percentile: 26%
0.00092
Low
6.5 Medium
CVSS3
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 6.5
github
almost 3 years ago
WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.