Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FlexNow 安全漏洞
Vulnerability Description
FlexNow是RUB 工程系和商业研究的所有学生的在线门户。 FlexNow 2.04.09.016 之前版本存在安全漏洞,该漏洞源于不安全直接对象引用 (IDOR) 问题,攻击者利用该漏洞可以将 HTTP POST 请求中的学生 ID 参数更改为 FrontControllerSS 端点。
CVSS Information
N/A
Vulnerability Type
N/A