TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

Hanlin hanlintest - Improper Privilege Management

TVN ID: TVN-202108007
Affected Products: Hanlin hanlintest version 2.1.5
Description: The API function of Hanlin hanlintest v2.1.5 has not been properly assigned privileges. Without logging in, a remote attacker can exploit the vulnerability by entering a user's ID through the API parameters, obtaining a general user's credential, viewing the specific user's exam paper number and content, and deleting it.
Solution: Hanlin hanlintest version 3.2.2
Credit: CHANG JUI HSUAN
Public Date: 2021-08-23
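
The flaw class described above, shown as an added example that is not hanlintest code: a handler that trusts a caller-supplied user ID, next to handlers that take identity from a server-side session and check ownership before reading or deleting. All names (`SESSIONS`, `PAPERS`, the handler functions) and the sample data are hypothetical and constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not hanlintest's real API.
SESSIONS = {"tok-alice": "alice"}  # constructed: session token -> logged-in user
PAPERS = {  # constructed sample exam papers
    "P-1001": {"owner": "alice", "content": "Q1..."},
    "P-2002": {"owner": "bob", "content": "Q1..."},
}

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status

def list_papers_vulnerable(params):
    """Flawed pattern from the advisory: trusts the caller-supplied user ID."""
    uid = params["user_id"]  # no login, no ownership check
    return [pid for pid, p in PAPERS.items() if p["owner"] == uid]

def authenticate(headers):
    """Resolve the caller from a server-side session, never from parameters."""
    user = SESSIONS.get(headers.get("Authorization", ""))
    if user is None:
        raise ApiError(401, "login required")
    return user

def authorize_paper(user, paper_id):
    """Return the paper only if the authenticated user owns it."""
    paper = PAPERS.get(paper_id)
    # Same 404 for "missing" and "not yours" so paper numbers are not enumerable.
    if paper is None or paper["owner"] != user:
        raise ApiError(404, "paper not found")
    return paper

def list_papers(headers, params):
    user = authenticate(headers)
    # A user_id parameter, if sent, must match the session; it never selects data.
    if params.get("user_id", user) != user:
        raise ApiError(403, "user_id does not match session")
    return [pid for pid, p in PAPERS.items() if p["owner"] == user]

def delete_paper(headers, paper_id):
    user = authenticate(headers)
    authorize_paper(user, paper_id)  # raises before anything is removed
    del PAPERS[paper_id]
    return True
```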