Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2
Vulnerability Description
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
ShinHer StudyOnline System 授权问题漏洞
Vulnerability Description
ShinHer StudyOnline System是中国欣河(ShinHer)公司的一种校务系统。 ShinHer StudyOnline System 存在授权问题漏洞,该漏洞源于ShinHer StudyOnline系统的Study Edit功能不进行权限控制。攻击者可利用该漏洞通过创建URL参数访问和编辑其他用户教程计划。
CVSS Information
N/A
Vulnerability Type
N/A