CVE-2021-42330
HIGH
ShinHer StudyOnline System - Unauthenticated Improper Authorization via Teacher Edit Function
Title source: llm
Description
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5200-3d3ca-1.html
Scores
CVSS v3
8.8
EPSS
0.0095
EPSS Percentile
56.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-285
Status
published
Products (1)
xinheinformation/xinhe_teaching_platform_system
v2021
Published
Oct 15, 2021
Tracked Since
Feb 18, 2026