8 matches found
CVE-2024-27712
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism...
PT-2024-22008 · Unknown · Eskooly Free Online School Management
Name of the Vulnerable Software and Affected Versions: Eskooly Free Online School Management Software versions 3.0 and earlier Description: The issue allows a remote attacker to escalate privileges via the Token Handling component. This is a Cross Site Request Forgery vulnerability...
PT-2024-22002 · Unknown · Eskooly Free Online School Management
Name of the Vulnerable Software and Affected Versions: Eskooly Free Online School management Software versions 3.0 and earlier Description: An issue in the authentication mechanism allows a remote attacker to escalate privileges. Recommendations: For versions 3.0 and earlier, update to a version...
CVE-2024-27717
Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component...
CVE-2024-27710
Eskooly Free Online School management Software v3.0 and earlier is affected by a privilege escalation via the authentication mechanism. Root cause is in the authentication flow allowing remote attackers to escalate privileges. Exploitation status/components are not detailed in the provided docume...
CVE-2024-27711
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings...
CVE-2024-27713
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component...
CVE-2024-27713
CVE-2024-27713 affects Eskooly Free Online School Management Software v.3.0 and earlier. The issue, described as a privilege escalation via the HTTP Response Header Settings component, originates from the affected product’s handling of response headers. No explicit exploit details, affected versi...