CVE-2021-42331
MEDIUMShinHer StudyOnline System - Missing Authorization in Study Edit Function
Title source: llmDescription
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html
Scores
CVSS v3
5.4
EPSS
0.0062
EPSS Percentile
45.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-285
CWE-862
Status
published
Products (1)
xinheinformation/xinhe_teaching_platform_system
v2021
Published
Oct 15, 2021
Tracked Since
Feb 18, 2026