CVE-2021-42331

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions ShinHer StudyOnline System (affected versions not specified)

Description The issue concerns the "Study Edit" function, which lacks proper permission control. This allows remote attackers to access and edit other users' tutorial schedules by manipulating URL parameters after logging in with user privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-862

Related Identifiers

CVE-2021-42331

Affected Products

Shinher Studyonline System

CVE-2021-42331

Weakness Enumeration

Related Identifiers

Affected Products

References · 4