Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
Vulnerability Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user identifiers. This issue has been patched in version 4.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Open eClass 安全漏洞
Vulnerability Description
Open eClass是Greek Universities Network开源的一个电子课堂系统。 Open eClass 4.2之前版本存在安全漏洞,该漏洞源于存在不安全的直接对象引用,可能导致未经认证的远程攻击者通过直接请求可预测的用户标识符访问其他用户的个人文件。
CVSS Information
N/A
Vulnerability Type
N/A