CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-11196

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0200%
EPSS Percentile27.08th
Published2019年4月12日
Last Modified2024年11月21日

Vulnerability Description

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).

Affected Platforms (CPE)

📦
Vpcsbd

Integrated University Management System

All versions

References & Advisories

🔗 https://blog.ziaurrashid.com/sql-injection-auth-bypass-on-iums/
🔗 https://blog.ziaurrashid.com/sql-injection-auth-bypass-on-iums/

関連する脆弱性情報

CVE-2018-26305.4

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-1302010.0

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse....