TVN ID | TVN-202108007 |
---|---|
Affected Products | Hanlin hanlintest version 2.1.5 |
Description | The API function of Hanlin hanlintest v2.1.5 has not been properly assigned privileges. Remote attackers can exploit the vulnerability without logging in to enter user’s ID through the API parameters, obtaining general user’s credential and view the specific user's exam paper number, content and delete it. |
Solution | Hanlin hanlintest version 3.2.2 |
Credit | CHANG JUI HSUAN |
Public Date | 2021-08-23 |