CVE-2024-13111 | Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 JWT Token SysUserControl improper authentication

Inserito da Angelo Barbosa | Gen 1, 2025 | CVE

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication.

This vulnerability is known as CVE-2024-13111. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-13111 | Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 JWT Token SysUserControl improper authentication

Post correlati

CVE-2024-38375 | fastly js-compute-runtime up to 3.16.0 use after free (GHSA-mp3g-vpm9-9vqv)

CVE-2024-42276 | Linux Kernel up to 6.1.102/6.6.43/6.10.2 nvme-pci nvme_map_data null pointer dereference

CVE-2024-37206 | Theme4Press Demo Awesome Plugin up to 1.0.1 on WordPress cross site scripting

CVE-2024-2376 | WPQA Builder Plugin up to 6.1.0 on WordPress cross-site request forgery