I found a Information Disclosure Vulnerability at ‘Participants list search’ from E-Class system of Hansung Univ. (learn.hansung.ac.kr). This vulnerability enables an authenticated student to view the sensitive information of other students in the same lecture without permission by exploiting the input of certain strings in the search box.
Medium - This vulnerability can be exploited to obtain a table containing sensitive student information, such as unpublished email addresses, student IDs, and real names. An authenticated student for enter a lecture can exploit this vulnerability to collect data on other users within their course, which potentially leading to further social engineering attacks or unauthorized data collection.