| |
Vulnerability CVE-2021-42331
Published: 2021-10-15
| Description: |
The ??Study Edit? function of ShinHer StudyOnline System does not perform permission control. After logging in with user??s privilege, remote attackers can access and edit other users?? tutorial schedule by crafting URL parameters. |
Type:
CWE-285 (Improper Authorization)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.5/10 |
4.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
