Critical Improper Auth in Yunfan Learning Exam 1.9.2 JWT Token Handler
CVE-2024-13111 Published on January 2, 2025
Beijing Yunfan Internet Technology Yunfan Learning Examination System JWT Token SysUserControl improper authentication
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is an Authentication Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2024-13111 has been classified as an authentication vulnerability or weakness.
Affected Versions
Beijing Yunfan Internet Technology Yunfan Learning Examination System Version 1.9.2 is affected by CVE-2024-13111.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.