The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5296-cbf80-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-11-16T00:00:00
Updated: 2021-11-16T01:40:13
Reserved: 2021-10-12T00:00:00
Link: CVE-2021-42337
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-16T02:15:06.787
Modified: 2022-08-09T14:40:29.060
Link: CVE-2021-42337
JSON object: View
Redhat Information
No data.
CWE