You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If student: domain.com/edit-profile takes me to : /edit-profile/new and I can fill up anyone's information.
domain.com/update-profile takes me to /edit-profile/new. Same as above.
/job-opportunity : I can create a job opportunity as a student. Its a good thing that company email address couldnot be set by student. so form does not get submitted. But even a system manager cannot set a company email from the same url.
student can add a new batch:
As a system manager
/update-profile will take me to : /edit-profile/[email protected] . This email address is of another user (course creator, etc) /edit-profile will take me to : /edit-profile/[email protected] .
Please solve these vulnerabilities asap.
The text was updated successfully, but these errors were encountered:
I just checked all default web-forms.
If student:
domain.com/edit-profiletakes me to :/edit-profile/newand I can fill up anyone's information.domain.com/update-profiletakes me to/edit-profile/new. Same as above./job-opportunity : I can create a job opportunity as a student. Its a good thing that company email address couldnot be set by student. so form does not get submitted. But even a system manager cannot set a company email from the same url.
student can add a new batch:
As a system manager
/update-profilewill take me to : /edit-profile/[email protected] . This email address is of another user (course creator, etc)/edit-profilewill take me to : /edit-profile/[email protected] .Please solve these vulnerabilities asap.
The text was updated successfully, but these errors were encountered: