Vulnerability CVE-2021-27522


Published: 2021-04-08

Description:
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.

 References:
https://github.com/WaterCountry/Learnsite/issues/1

Copyright 2021, cxsecurity.com

 

Back to Top