CVE-2021-42330

Published: Oct 15, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD (Secondary)

Description

The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.

Affected (1)

Products: Xinheinformation: Xinhe Teaching Platform System

Xinheinformation

1 product

Xinhe Teaching Platform System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xinheinformation Xinhe Teaching Platform System	Version v2021

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.twcert.org.tw/tw/cp-132-5200-3d3ca-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-5200-3d3ca-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.