Beijing Yunfan Internet Technology Yunfan Learning Examination System Improper Authorization Vulnerability

A critical vulnerability has been identified in version 1.9.2 of the Yunfan Learning Examination System by Beijing Yunfan Internet Technology. The issue arises from the file 'doc.html', which lacks proper access permissions, allowing unauthorized users to view all interfaces. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for unauthorized access to interface documentation, which could potentially expose sensitive information or functionality.

Reproduction

The vulnerability can be reproduced by accessing 'doc.html' on the server where the application is running, without any login credentials. This can be done through a web browser or a tool that can send HTTP requests. The absence of access controls will permit viewing the document and any exposed interfaces.