CVE-2021-46086

Published: Jan 25, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite to modify parameters in the packet to destroy real data.

Affected (1)

Products: Mindskip: Xzs Mysql

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mindskip Xzs Mysql	Version t3.4.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://github.com/mindskip/xzs-mysql/issues/327

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/mindskip/xzs-mysql/issues/327

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.