Ventem｜e-School – Missing Authorization

July 29, 2025 invoker category_cve

CVE Details

Basic Information

Title	Ventem｜e-School – Missing Authorization
Type	cve
Published	2025-07-30T02:49:22.021Z
Modified	2025-07-30T02:49:22.021Z

Product Information

Vendor	Ventem
Product	e-School
Version	0

CVSS Information

Base Score	8.8 (HIGH)
Attack Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Ventem e-School 0

Additional Information

CWE List	CWE-862
Source	twcert

Description

The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.

References

https://www.twcert.org.tw/tw/cp-132-10304-6b375-1.html
https://www.twcert.org.tw/en/cp-139-10305-2eca0-2.html

View Full CVE Details