CVE-2021-42331
5.4 MEDIUM
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control
Published: 2021-10-15 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 5.4 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- CWE: CWE-285, CWE-862
Affected products
| Vendor | Product |
|---|---|
| xinheinformation | xinhe_teaching_platform_system |
Description
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
Source: NVD
Related CVEs
Same vendor
- CVE-2021-42332 — The “List View” function of ShinHer StudyOnline System is not under authority control (4.3 MEDIUM)
- CVE-2021-42330 — The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control (8.8 HIGH)
- CVE-2021-42329 — The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter (5.4 MEDIUM)
Same CWE
- CVE-2026-12105 — Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicat...
- CVE-2026-53866 — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators ... (8.1 HIGH)
- CVE-2026-53851 — OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite... (5.3 MEDIUM)
- CVE-2026-53850 — OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated caller... (5.5 MEDIUM)
- CVE-2026-53844 — OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated call... (6.5 MEDIUM)