Unverified Password Change

CVE-2024-27715

High

8.2/10

Summary

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-620 - Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

References

Advisory Timeline

Published Jul 05, 2024

Unverified Password Change

CVE-2024-27715

Summary

CWE-620 - Unverified Password Change

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS