vendor:
elearning-script
by:
riamloo
6.4
CVSS
MEDIUM
Authentication Bypass
287
CWE
Product Name: elearning-script
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:amitkolloldey:elearning-script
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Win 10
2019
elearning-script 1.0 – Authentication Bypass
Attacker can bypass login page and access to dashboard page by sending a POST request with '=''or' as the payload.
Mitigation:
Implement proper authentication and authorization mechanisms.
