3 matches found
CVE-2021-29394
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST...
CVE-2021-29394
creationtimestamp| type| source ---|---|--- 2022-02-04 22:36:23+00:00| seen| https://t.me/cibsecurity/36870...
CVE-2021-29394
CVE-2021-29394 affects NorthStar Club Management version 6.3. The issue is a lack of proper authorization in the userID parameter of an HTTP POST to /northstar/Admin/changePassword.jsp, allowing remote authenticated users to change other users’ passwords (account hijacking). Root cause: insuffici...