Account Hijacking via Unauthorized Password Change in NorthStar Club Management 6.3

Account Hijacking via Unauthorized Password Change in NorthStar Club Management 6.3

CVE-2021-29394 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.

Learn more about our User Device Pen Test.