frappe / lms

Easy to Use, 100% Open Source Learning Management System
https://frappe.io/learning
GNU Affero General Public License v3.0

Webforms are a huge risk. #1070

Closed ajiragroup closed 1 week ago

ajiragroup commented 1 month ago

I just checked all default web-forms.

As a student: domain.com/edit-profile takes me to /edit-profile/new and I can fill in anyone's information.

domain.com/update-profile takes me to /edit-profile/new. Same as above.

/job-opportunity: I can create a job opportunity as a student. It's a good thing that the company email address could not be set by a student, so the form does not get submitted. But even a system manager cannot set a company email from the same URL.

A student can add a new batch.

As a system manager

/update-profile will take me to /edit-profile/abc.m.xyz@gmail.com. This email address is of another user (course creator, etc.).

/edit-profile will take me to /edit-profile/abc.m.xyz@gmail.com.

Please solve these vulnerabilities asap.

frappe-pr-bot commented 1 week ago

:tada: This issue has been resolved in version 2.11.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: