CVE-2021-30114

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.

Link	Resource
https://web-school.in/try-demo/	Product
https://github.com/0xrayan/CVEs/issues/2	Exploit Issue Tracking
http://web-school.in	Product

Configuration 1

cpe:2.3:a:web-school:enterprise_resource_planning:5.0:*:*:*:*:*:*:*

---

Published : 2021-04-08 12:15

Updated : 2021-04-13 03:23

---

NVD link : CVE-2021-30114

Mitre link : CVE-2021-30114

No products.

CWE-352