CVE-2025-3849 YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change

A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has...

SpringBoot-Vue-OnlineExam 安全漏洞

SpringBoot-Vue-OnlineExam is an online exam system by Yu Personal Developer. A security vulnerability exists in SpringBoot-Vue-OnlineExam version 1.0, which stems from an unauthenticated password change due to manipulation of the studentId parameter in file/api/studentPWD...