Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by directly accessing a crafted URL. This issue has been patched in version 4.2.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

行为工作流的不恰当实施

Open eClass 安全漏洞

Open eClass是Greek Universities Network开源的一个电子课堂系统。 Open eClass 4.2之前版本存在安全漏洞，该漏洞源于业务逻辑漏洞，可能导致已认证学生通过直接访问特制URL不当标记自己为出勤活动出席。

N/A

N/A