UDomain Penetration Test findings are given 2 CVE numbers

UDomain has been providing Penetration Test. A team of professional cybersecurity analysts will be in charge of identifying and eliminating vulnerabilities for our client’s computer systems. Recently, we conducted an “E-learning Consortium School Pentest Project” and perform tests for 10 schools in Hong Kong.

 

In one e-learning platform used by many schools, we found multiple deadly vulnerabilities. If they are exploited, there will be serious consequences, such as leaking personal information of the students and their parents. The company has fixed the problem after we reported. Our test result was rewarded with 2 CVE numbers.

  

CVE (Common Vulnerabilities and Exposures) is a global database of entries—each containing an identification number—for publicly known cybersecurity vulnerabilities. Important vulnerability will be given a number after careful examination. It is for the exchange of information for cybersecurity analysts around the world in order to strengthen the security of the whole Internet. CVE number is also a recognition for the finder’s contribution. Only a handful of companies in Hong Kong were given a CVE for their findings.

 

Bypassing Validation

Allow an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

[Learn more]

 

 

 

CVE - 2019 - 9885

SQL Injection

Allow an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.

[Learn more]

 

Other than CVE numbers, our team of professionals also possess a variety of awards and recognitions from all over the world:

 

 

If you are interested in our Penetration Test, or want to see whether your system has CVE-level vulnerabilities, please call 2554-7545 to contact us.

.