CVE Vulnerability

CVE-2021-30112

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://web-school.in/try-demo/ Product
https://github.com/0xrayan/CVEs/issues/3 Exploit Issue Tracking
http://web-school.in Product
Configurations

Configuration 1

cpe:2.3:a:web-school:enterprise_resource_planning:5.0:*:*:*:*:*:*:*
Information

Published : 2021-04-08 12:15

Updated : 2021-04-13 03:58

NVD link : CVE-2021-30112

Mitre link : CVE-2021-30112

Products Affected
No products.
CWE
CWE-352