Caiteli

**Name of the Vulnerable Software and Affected Versions** Southsoft GMIS version 5.0 **Description** The issue allows attackers to access other users' private information, such as photos, through CSRF attacks. For example, any student's photo information can be accessed through the "/gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]" endpoint. The code in `[1]` is a random string generated according to the user's login-related information, which can protect the user's identity but cannot effectively prevent unauthorized access. The code in `[2]` is the student number of any student. The attacker can carry out a CSRF attack on the system by modifying `[2]` without modifying `[1]`. **Recommendations** As a temporary workaround, consider restricting access to the `/gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]` endpoint until a patch is available. Avoid using the `bh` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.