Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Yf-Exam Security Vulnerabilities

cve
cve

CVE-2023-25402

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.

7.5CVSS

7.5AI Score

0.001EPSS

2023-03-03 11:15 PM
19
cve
cve

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication.

7.5CVSS

7.4AI Score

0.001EPSS

2023-03-03 11:15 PM
27
cve
cve

CVE-2023-26779

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).

9.8CVSS

9.7AI Score

0.004EPSS

2023-03-03 11:15 PM
29
cve
cve

CVE-2023-26780

CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-02 04:15 PM
21