CVE-2021-42332
MEDIUMShinHer StudyOnline System - Unauthenticated Improper Authorization via List View URL Parameter
Title source: llmDescription
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5202-49681-1.html
Scores
CVSS v3
4.3
EPSS
0.0074
EPSS Percentile
49.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-285
Status
published
Products (1)
xinheinformation/xinhe_teaching_platform_system
v2021
Published
Oct 15, 2021
Tracked Since
Feb 18, 2026