Lucene search
HistoryMar 27, 2023 - 4:15 a.m.
CVE-2023-24834
wisdomgarden tronclass
access control
file upload
remote attacker
user privilege
vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
37.4%
WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.
Affected configurations
Node
wisdomgardentronclass_ilearnRange<1.52.29198web
ORwisdomgardentronclass_ilearnMatch2.3.2android
ORwisdomgardentronclass_ilearnMatch2.3.2iphone_os
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wisdomgarden | tronclass_ilearn | * | cpe:2.3:a:wisdomgarden:tronclass_ilearn:*:*:*:*:web:*:*:* |
| wisdomgarden | tronclass_ilearn | 2.3.2 | cpe:2.3:a:wisdomgarden:tronclass_ilearn:2.3.2:*:*:*:*:android:*:* |
| wisdomgarden | tronclass_ilearn | 2.3.2 | cpe:2.3:a:wisdomgarden:tronclass_ilearn:2.3.2:*:*:*:*:iphone_os:*:* |
Related
prion
prion
Improper access control
2023-03-27 04:15:00
cve
cve
CVE-2023-24834
2023-03-27 04:15:09
cvelist
cvelist
CVE-2023-24834 WisdomGarden Tronclass ilearn - Broken Access Control
2023-03-27 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
37.4%
Related for NVD:CVE-2023-24834