Primary

Context

Beijing Yunfan Internet Technology Yunfan Learning Examination System Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability has been identified in version 1.9.2 of the Yunfan Learning Examination System by Beijing Yunfan Internet Technology. The issue arises in the Exam Answer Handler component, specifically within the PaperController.java file. The vulnerability allows remote attackers to view answers during the exam process by manipulating input IDs, thereby facilitating cheating.

Impact

Exploitation of this vulnerability allows for unauthorized access to exam answers, creating opportunities for cheating.

Reproduction

To reproduce this vulnerability, log into the application and start an exam. Once the exam is in progress, access the results page for the current exam using the exam ID. The correct answers will be displayed, bypassing any exam restrictions.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Beijing Yunfan Internet Technology Yunfan Learning Examination System Information Disclosure Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Beijing Yunfan Internet Technology Yunfan Learning Examination System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating