CVE-2026-39354 | Erudika scoold up to 1.66.1 /questions/ask postId authorization

Inserito da Angelo Barbosa | Apr 7, 2026 | CVE

A vulnerability, which was classified as problematic, was found in Erudika scoold up to 1.66.1. Impacted is an unknown function of the file /questions/ask. Such manipulation of the argument postId leads to authorization bypass.

This vulnerability is referenced as CVE-2026-39354. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.

CVE-2026-39354 | Erudika scoold up to 1.66.1 /questions/ask postId authorization

Post correlati

CVE-2025-11289 | westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab Template Management Page TemplateFileServiceImpl.java save cross site scripting

CVE-2024-24775 | F5 BIG-IP up to 15.1.9/16.1.3/17.1.0 Traffic Management Microkernel null pointer dereference (K000137333)

CVE-2024-7204 | Ai3 QbiBot up to 8.0.9.b1 Chat Box cross site scripting

CVE-2024-10997 | 1000 Projects Bookstore Management System 1.0 /book_list.php id sql injection