23 matches found
EUVD-2021-29303
Malicious code in bioql PyPI...
EUVD-2021-29304
Malicious code in bioql PyPI...
EUVD-2021-29306
Malicious code in bioql PyPI...
ShinHer StudyOnline System Licensing Issue Vulnerability (CNVD-2021-101182)
ShinHer StudyOnline System is a school system from ShinHer, China. ShinHer StudyOnline System is vulnerable to an authorization issue, which stems from the fact that the teacher editing function of ShinHer StudyOnline System is not controlled by permissions. An attacker could use this vulnerabili...
ShinHer StudyOnline System License Issue Vulnerability
ShinHer StudyOnline System is a school administration system from ShinHer, China. " feature is not controlled by permissions. An attacker could use this vulnerability to access other users' message board content by setting URL parameters after logging in with user privileges...
CVE-2021-42332
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
CVE-2021-42330
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
CVE-2021-42329
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
CVE-2021-42330
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
Design/Logic Flaw
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
Design/Logic Flaw
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
Cross site scripting
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
CVE-2021-42332
CVE-2021-42332 : The ShinHer StudyOnline System exposes a protected resource via the List View function not under proper authority control. After logging in with standard user privileges, an attacker can craft URL parameters to access other users’ message board content. This is described consiste...
CVE-2021-42331
CVE-2021-42331 affects ShinHer StudyOnline System: the Study Edit function lacks permission checks, allowing an authenticated user to craft URL parameters to access and edit other users’ tutorial schedules. Documented impact is authorization bypass with potential for modification of schedules; no...
CVE-2021-42330
The CVE-2021-42330 issue affects ShinHer StudyOnline System, where the Teacher Edit function does not enforce proper authorization. According to connected records, after logging in with a user privilege, an attacker can craft URL parameters to access and edit other users’ credentials and personal...
CVE-2021-42332
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
PT-2021-23573 · Unknown · Shinher Studyonline System
Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "Teacher Edit" function, which lacks authority control. After logging in with a user's privilege, remote attackers can access and edit other users'...
ShinHer StudyOnline System 安全漏洞
ShinHer StudyOnline System is a school administration system from ShinHer, China. " feature is not controlled by permissions. An attacker could use this vulnerability to access other users' message board content by setting URL parameters after logging in with user privileges...
PT-2021-23575 · Unknown · Shinher Studyonline System
Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "List View" function not being under authority control, allowing remote attackers to access other users' message board content by manipulating URL...
ShinHer StudyOnline System 授权问题漏洞
ShinHer StudyOnline System is a school system from ShinHer, a Chinese company. ShinHer StudyOnline System is vulnerable to an authorization issue that stems from the Study Edit feature of ShinHer StudyOnline System without permission control. An attacker could use this vulnerability to access and...