7 matches found
EUVD-2021-23950
Malware in sbrugna...
CVE-2021-37381
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/S1/student/grgl/PotoImageShow/?bh=2. Among them, the code in 1 is a random string generat...
CVE-2021-37381
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/S1/student/grgl/PotoImageShow/?bh=2. Among them, the code in 1 is a random string generat...
CVE-2021-37381
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/S1/student/grgl/PotoImageShow/?bh=2. Among them, the code in 1 is a random string generat...
Cross site request forgery (csrf)
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/S1/student/grgl/PotoImageShow/?bh=2. Among them, the code in 1 is a random string generat...
CVE-2021-37381
The CVE-2021-37381 entry concerns Southsoft GMIS 5.0, which is vulnerable to Cross-Site Request Forgery (CSRF). The exposed issue enables access to private user information (e.g., student photos) by CSRF via a crafted request to endpoints such as /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]....
Southsoft GMIS 跨站请求伪造漏洞
Southsoft GMIS is an information management system. A cross-site request forgery vulnerability exists in Southsoft GMIS 5.0, which arises from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to send an...