PT-2023-30273 · Unknown · Yunfan Learning Examination System

Binxiang Wei

Published

2023-11-04

Updated

2023-11-14

CVE-2023-46963

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yunfan Learning Examination System version 6.5

Description The issue allows a remote attacker to obtain sensitive information via the password parameter in the login function.

Recommendations For Yunfan Learning Examination System version 6.5, consider restricting access to the login function until a patch is available. As a temporary workaround, avoid using the password parameter in the affected login function to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2023-46963

Affected Products

Yunfan Learning Examination System

PT-2023-30273 · Unknown · Yunfan Learning Examination System

CVE-2023-46963

Weakness Enumeration

Related Identifiers

Affected Products

References · 4