CVE-2021-27522

Name of the Vulnerable Software and Affected Versions Learnsite version 1.2.5.0

Description The issue concerns a remote privilege escalation vulnerability. It is located in the /Manager/index.aspx endpoint through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, an attacker can obtain the key of the administrator cookie.

Recommendations For Learnsite version 1.2.5.0, as a temporary workaround, consider disabling the JudgIsAdmin() function until a patch is available. Restrict access to the /Manager/index.aspx endpoint to minimize the risk of exploitation. Avoid modifying user cookie keys to prevent potential escalation of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.