Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2023-25402
- EPSS 0.06%
- Published 03.03.2023 23:15:12
- Last modified 06.03.2025 21:15:13
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.
7.5
CVE-2023-25403
- EPSS 0.02%
- Published 03.03.2023 23:15:12
- Last modified 07.03.2025 17:15:17
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass au...
9.8
CVE-2023-26779
- EPSS 1%
- Published 03.03.2023 23:15:12
- Last modified 06.03.2025 21:15:13
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).
9.8
CVE-2023-26780
- EPSS 0.06%
- Published 02.03.2023 16:15:14
- Last modified 21.11.2024 07:51:56
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.
1