CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-29394

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile36.98th
Published2022年2月4日
Last Modified2024年11月21日

Vulnerability Description

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.

Affected Platforms (CPE)

📦
Globalnorthstar

Northstar Club Management

= 6.3

References & Advisories

🔗 https://ardent-security.com
🔗 https://ardent-security.com/en/advisory/asa-2021-02/
🔗 https://ardent-security.com
🔗 https://ardent-security.com/en/advisory/asa-2021-02/

相关漏洞威胁

CVE-2021-293939.8

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote ...

CVE-2021-293969.8

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to u...

CVE-2021-293957.5

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remot...

CVE-2021-293977.5

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Managem...