CVE-2023-25403
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication.
GitHub云帆考试系统是一款基于SpringBoot+Vue开发的考试系统。包含在线考试、用户体系、错题训练、考试规则、智能算分等考试功能,流程通畅、可用于简单的考试或进行二次开发!
GitHub