19 matches found
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with his username to bypass authentication...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
EUVD-2023-29357
Malicious code in bioql PyPI...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-26780
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with his username to bypass authentication...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
Authentication flaw
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with his username to bypass authentication...
Deserialization of untrusted data
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-26779
CVE-2023-26779 affects CleverStupidDog yf-exam v1.8.0. The vulnerability is described as a Deserialization flaw that can lead to Remote Code Execution (RCE). CVSS 3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, low attack complexity, no privileges or user interaction required, and impac...
CVE-2023-25402
The CVE-2023-25402 entry concerns CleverStupidDog yf-exam 1.8.0. Red Hat, NVD, and other sources confirm an unrestricted file upload vulnerability caused by no suffix/file-type validation, enabling uploading of arbitrary files. Impact stated: potential for arbitrary file upload with high inte...
CVE-2023-25403
CVE-2023-25403 affects CleverStupidDog yf-exam v1.8.0. Root cause: authentication bypass due to a fixed JWT key and a stored key that uses username-format characters. Any user who logged in within 24 hours can forge a token with their username to bypass authentication. Impact: authentication can ...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
yf-exam code issue vulnerability
yf-exam CloudFan Training Exam System is a training exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the lack of restriction on the suffix of uploaded files, resulting in an arbitrary file upload...
CVE-2023-26780
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection...
CVE-2023-26780
CVE-2023-26780 affects CleverStupidDog yf-exam v1.8.0. The connected documents describe a SQL Injection vulnerability with high impact (CVSS 3.1: 9.8, NETWORK attack vector, no user interaction). No explicit remediation details are provided in the sources; one entry notes there is no information ...
CleverStupidDog yf-exam SQL injection vulnerability
yf-exam CloudFan Training Exam System is a training exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam v1.8.0, which stems from the presence of SQL injection...