CVE-2021-37381
The CVE-2021-37381 entry concerns Southsoft GMIS 5.0, which is vulnerable to Cross-Site Request Forgery (CSRF). The exposed issue enables access to private user information (e.g., student photos) by CSRF via a crafted request to endpoints such as /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]....