Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
School Club Application System resource injection
Vulnerability Description
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对资源描述符的控制不恰当(资源注入)
Vulnerability Title
School Club Application System 注入漏洞
Vulnerability Description
School Club Application System是Carlo Montero个人开发者的一个学校俱乐部应用系统。 School Club Application System 1.0版本存在安全漏洞,该漏洞源于对POST请求的操作会导致权限升级。远程攻击者利用该漏洞不需要身份验证即可升级权限。
CVSS Information
N/A
Vulnerability Type
N/A