PT-2025-2007 · Beijing Yunfan Internet Technology · Yunfan Learning Examination System

Lvzc +1 · Published 2025-01-02 · Updated 2025-01-02 · CVE-2024-13109

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2

Description: A critical issue has been found in the system, affecting some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For version 1.9.2, consider restricting access to the /doc.html file until a patch is available. As a temporary workaround, review and limit the authorization processes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Authorization, Incorrect Privilege Assignment

Related Identifiers: CVE-2024-13109

Affected Products: Yunfan Learning Examination System