46 matches found
CVE-2025-48375
Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...
CVE-2025-48373
Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...
CVE-2025-48372
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password OTP. Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range 1000–9999 results in only 9000 possible combinations...
CVE-2025-48375
CVE-2025-48375 concerns Schule, an open-source school management system. Prior to version 1.0.1, the endpoint responsible for email-based OTP generation (forgot_password.php) lacks proper rate limiting, enabling abuse of the OTP request function. This can lead to excessive OTP emails, risking den...
CVE-2025-48375 Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS
Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...
PT-2025-22812 · Schule · Schule
Name of the Vulnerable Software and Affected Versions: Schule versions prior to 1.0.1 Description: The issue concerns a lack of proper rate limiting controls in the file forgot password.php, which is responsible for email-based OTP generation. This allows attackers to abuse the OTP request...
Schule Security Vulnerability
Schule is an application for schule111 individual developers. A security vulnerability exists in Schule versions prior to 1.0.1, which stems from a lack of rate-limiting controls and could lead to a denial-of-service attack or user harassment...
CVE-2025-48373
Schule has a client-side RBAC bypass prior to version 1.0.1: the app trusts data.role in the browser to redirect users to panels, allowing an attacker to set data.role to values like “admin” and access restricted areas. The root cause is insecure client-side role handling. Affected: Schule open-s...
CVE-2025-48373 Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability
Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...
CVE-2025-48372 Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password OTP. Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range 1000–9999 results in only 9000 possible combinations...
CVE-2025-48372
Schule before version 1.0.1 uses generateOTP() to create a 4-digit numeric OTP, yielding a small keyspace (1000–9999, i.e., 9000 possibilities) that is vulnerable to brute-force attacks if rate-limiting or lockout is absent. The issue is fixed in version 1.0.1. Connected sources corroborate the a...
Schule Security Vulnerability
Schule is an application for schule111 individual developers. A security vulnerability exists in Schule versions prior to 1.0.1 that stems from improper client-side role authentication, which could lead to unauthorized access...
PT-2025-22563 · Schule · Schule
Name of the Vulnerable Software and Affected Versions: Schule versions prior to 1.0.1 Description: The issue concerns the Schule open-source school management system software, which relies on client-side JavaScript to redirect users to different panels based on their role. This implementation pos...
PT-2025-22562 · Schule · Schule
Name of the Vulnerable Software and Affected Versions: Schule versions prior to 1.0.1 Description: The issue concerns the generateOTP function, which generates a 4-digit numeric One-Time Password OTP with a limited range of 9000 possible combinations. This small keyspace makes the OTP highly...