CVE-2022-28924

An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:universis:universis-students:*:*:*:*:*:*:*:*

Information

Published : 2022-05-18 10:15

Updated : 2022-05-26 05:06


NVD link : CVE-2022-28924

Mitre link : CVE-2022-28924


JSON object : View

CWE
CWE-668

Exposure of Resource to Wrong Sphere

Advertisement

dedicated server usa

Products Affected

universis

  • universis-students