Medium severity6.5NVD Advisory· Published Feb 4, 2022· Updated Jun 17, 2026
CVE-2021-29394
CVE-2021-29394
Description
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Northstar Technologies Inc/NorthStar Club Managementdescription
- Range: 6.3
Patches
Vulnerability mechanics
References
2- ardent-security.comnvdThird Party Advisory
- ardent-security.com/en/advisory/asa-2021-02/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.