The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-5200-3d3ca-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2021-10-15T12:10:31.314922Z
Updated: 2024-09-16T16:38:14.758Z
Reserved: 2021-10-12T00:00:00
Link: CVE-2021-42330
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-15T12:15:07.643
Modified: 2022-08-12T16:29:48.687
Link: CVE-2021-42330
Redhat
No data.