Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to missing authorization checks and lack of rate-limiting when generating or accessing these URLs, an unauthenticated or unauthorized actor may retrieve profile pictures of users by crafting requests with guessed or known identifiers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
INDEX ÉDUCATION PRONOTE 安全漏洞
Vulnerability Description
INDEX ÉDUCATION PRONOTE是法国INDEX ÉDUCATION公司的一款教育管理平台。 INDEX ÉDUCATION PRONOTE 2025.2.8之前版本存在安全漏洞,该漏洞源于访问控制不当,可能导致未经验证的攻击者通过构造URL检索用户个人资料图片。
CVSS Information
N/A
Vulnerability Type
N/A