CVE-2024-13110

Beijing Yunfan Internet Technology Yunfan Learning Examination System Exam Answer PaperController.java， information disclosure

CVSS 5.3 MEDIUMEPSS 0.6%CWE-200 CWE-284

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

02 ene 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java， of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Beijing Yunfan Internet Technology · Yunfan Learning Examination System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/qiutiandefeng/yfexam-exam/issues/5 https://github.com/qiutiandefeng/yfexam-exam/issues/5#issue-2754675223 https://vuldb.com/?ctiid.289926 https://vuldb.com/?id.289926 https://vuldb.com/?submit.467700