Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

跨站请求伪造(CSRF)

Open eClass 跨站请求伪造漏洞

Open eClass是Greek Universities Network开源的一个电子课堂系统。 Open eClass 4.2之前版本存在跨站请求伪造漏洞，该漏洞源于多个教师受限端点存在跨站请求伪造，可能导致攻击者通过特制请求诱使已认证教师执行非预期操作。

N/A

N/A