VYPR

yf-exam

by CleverStupidDog

CVEs (4)

  • CVE-2023-26779CriMar 3, 2023
    risk 0.64cvss 9.8epss 0.01

    CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).

  • CVE-2023-26780CriMar 2, 2023
    risk 0.64cvss 9.8epss 0.01

    CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.

  • CVE-2023-25403HigMar 3, 2023
    risk 0.49cvss 7.5epss 0.01

    CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication.

  • CVE-2023-25402HigMar 3, 2023
    risk 0.49cvss 7.5epss 0.01

    CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.