15 matches found
CVE-2023-26779
CleverStupidDog yf-exam v1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-26779
CleverStupidDog yf-exam v1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-25403
CleverStupidDog yf-exam v1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with his username to bypass authentication...
Deserialization of untrusted data
CleverStupidDog yf-exam v1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-26779
CVE-2023-26779 affects CleverStupidDog yf-exam v1.8.0. The vulnerability is described as a Deserialization flaw that can lead to Remote Code Execution (RCE). CVSS 3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, low attack complexity, no privileges or user interaction required, and impac...
CVE-2023-25402
The CVE-2023-25402 entry concerns CleverStupidDog yf-exam 1.8.0. Red Hat, NVD, and other sources confirm an unrestricted file upload vulnerability caused by no suffix/file-type validation, enabling uploading of arbitrary files. Impact stated: potential for arbitrary file upload with high inte...
CVE-2023-25403
CVE-2023-25403 affects CleverStupidDog yf-exam v1.8.0. Root cause: authentication bypass due to a fixed JWT key and a stored key that uses username-format characters. Any user who logged in within 24 hours can forge a token with their username to bypass authentication. Impact: authentication can ...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-26779
CleverStupidDog yf-exam v1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
yf-exam code issue vulnerability
yf-exam CloudFan Training Exam System is a training exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the lack of restriction on the suffix of uploaded files, resulting in an arbitrary file upload...
yf-exam code issue vulnerability
yf-exam CloudFan Training and Exam System is a training and exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the presence of a deserialization vulnerability that can be exploited by an attacker to cau...
CVE-2023-26780
CleverStupidDog yf-exam v1.8.0 is vulnerable to SQL Injection...
CVE-2023-26780
CleverStupidDog yf-exam v1.8.0 is vulnerable to SQL Injection...
CVE-2023-26780
CVE-2023-26780 affects CleverStupidDog yf-exam v1.8.0. The connected documents describe a SQL Injection vulnerability with high impact (CVSS 3.1: 9.8, NETWORK attack vector, no user interaction). No explicit remediation details are provided in the sources; one entry notes there is no information ...