Vulnerability Details CVE-2021-27522
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2021-27522
-
cpe:2.3:a:learnsite_project:learnsite:1.2.5.0