130 matches found
PT-2023-21082 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the StudentPopupDetails ContactDetails method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...
PT-2023-21038 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetAssignmentsDue method, allowing unauthenticated attackers to extract sensitive student and teacher data. Recommendations: For...
PT-2023-21037 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetStudentGroupStudents method, allowing unauthenticated attackers to retrieve student and teacher data. Recommendations: For IDWeb...
PT-2023-21084 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to missing authentication in the StudentPopupDetails EmergencyContactDetails method, allowing unauthenticated attackers to extract sensitive student data...
PT-2023-21036 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information. Recommendations: For versions 3.1.0...
PT-2023-21083 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the StudentPopupDetails StudentDetails method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...
PT-2023-20742 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to missing authentication in the SearchStudentsRFID method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For versions...
900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data
By Deeba Ahmed Student Data Managing Platform National Student Clearinghouse Confirmed MOVEit Hack Affected 900 US Schools. This is a post from HackRead.com Read the original post: 900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data...
Improper access control
Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...
Faronics Insight 安全漏洞
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which originates from a man-in-the-middle attack executed against a connected student or teacher that can intercept a student's keystrokes or...
Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data
Over the last decade, K-12 schools have made great strides in employing technologies that facilitate learning--especially since the onset of pandemic-induced distance education. While students have long since returned to the classroom, digital platforms for instruction, collaboration, and homewor...
CVE-2021-40695
It was possible for a student to view their quiz grade before it had been released, using a quiz web service...
CVE-2022-2312
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it...
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-30760
An Insecure Direct Object Reference IDOR issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information final grades, study courses, degrees by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...
CVE-2022-30760
An Insecure Direct Object Reference IDOR issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information final grades, study courses, degrees by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...
Improper Access Control on view student list
Description lavsms system provide a feature for teachers to view any student in the systems. The problem is when student also can view the student's list. They also can download the list in pdf or excel. Proof of Concept 1. GET http://lavsms.test/students/list/id Step to reproduce 1. Login as...
Code injection
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin LMS by LifterLMS â€" Online Course, Membership & Learning Management System Versions prior to 4.21....
CVE-2020-25408
A Cross-Site Request Forgery CSRF vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data...