A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/qiutiandefeng/yfexam-exam/issues/6 | Exploit Issue Tracking |
| https://github.com/qiutiandefeng/yfexam-exam/issues/6#issue-2754680012 | Exploit Issue Tracking |
| https://vuldb.com/?ctiid.289927 | Permissions Required VDB Entry |
| https://vuldb.com/?id.289927 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.467701 | Third Party Advisory VDB Entry |
| https://github.com/qiutiandefeng/yfexam-exam/issues/6 | Exploit Issue Tracking |
| https://github.com/qiutiandefeng/yfexam-exam/issues/6#issue-2754680012 | Exploit Issue Tracking |
Configurations
History
17 Jun 2026, 07:01
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://github.com/qiutiandefeng/yfexam-exam/issues/6 - Exploit, Issue Tracking | |
| References | () https://github.com/qiutiandefeng/yfexam-exam/issues/6#issue-2754680012 - Exploit, Issue Tracking | |
| References | () https://vuldb.com/?ctiid.289927 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.289927 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.467701 - Third Party Advisory, VDB Entry | |
| First Time |
Kaoshifeng
Kaoshifeng yunfan Learning Examination System |
|
| CPE | cpe:2.3:a:kaoshifeng:yunfan_learning_examination_system:1.9.2:*:*:*:*:*:*:* |
02 Jan 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/qiutiandefeng/yfexam-exam/issues/6 - | |
| References | () https://github.com/qiutiandefeng/yfexam-exam/issues/6#issue-2754680012 - |
02 Jan 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-01-02 14:15
Updated : 2026-06-17 07:01
NVD link : CVE-2024-13111
Mitre link : CVE-2024-13111
CVE.ORG link : CVE-2024-13111
JSON object : View
Products Affected
kaoshifeng
- yunfan_learning_examination_system
CWE
CWE-287
Improper Authentication
