CVE-2023-27485

thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:thm:feedbacksystem:*:*:*:*:*:*:*:*

Information

Published : 2023-03-07 11:15

Updated : 2023-03-14 09:36


NVD link : CVE-2023-27485

Mitre link : CVE-2023-27485


JSON object : View

CWE
CWE-863

Incorrect Authorization

Advertisement

dedicated server usa

Products Affected

thm

  • feedbacksystem