Zhuimengshaonian Wisdom-Education Improper Authorization Vulnerability in Exam Info Controller
Vulnerability
A horizontal privilege escalation vulnerability has been identified in Zhuimengshaonian Wisdom-Education versions through 1.0.4. The issue resides in the ExamInfoController, specifically within the selectStudentExamInfoList function. The vulnerability allows attackers to access unauthorized information by manipulating the subjectId parameter. This flaw can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows an authenticated user to read exam information belonging to other users, exposing sensitive data.
Reproduction
To reproduce this vulnerability, send a GET request to the /student/exam endpoint with a subjectId value that belongs to another user; the response returns that user's exam information. The request must be authenticated with a valid token, so the flaw is a missing object-level authorization check rather than a missing authentication check.
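The following is an added illustration of the flaw class and its fix, not code from the Wisdom-Education project: a Python model of a handler that authenticates the caller but filters exam records only by the client-supplied subjectId (the pattern described above), beside a version that binds the query to the student resolved from the session token. The data model, field names and token table are assumptions.

```python
# Added example modelling the authorization gap described above.
# Field names, sample rows and the token-to-student mapping are
# assumptions, not the Wisdom-Education project's own code.
from dataclasses import dataclass


@dataclass(frozen=True)
class ExamInfo:
    student_id: int
    subject_id: int
    score: int


# Constructed sample data: two students sharing subject 10.
EXAM_INFO = [
    ExamInfo(student_id=1, subject_id=10, score=88),
    ExamInfo(student_id=2, subject_id=10, score=73),
    ExamInfo(student_id=2, subject_id=20, score=91),
]
# Constructed session table: token -> authenticated student id.
SESSIONS = {"token-alice": 1, "token-bob": 2}


class AuthError(Exception):
    """Raised when the token does not map to an authenticated student."""


def student_from_token(token: str) -> int:
    try:
        return SESSIONS[token]
    except KeyError:
        raise AuthError("invalid token") from None


def select_exam_info_vulnerable(token: str, subject_id: int) -> list:
    # Authenticates the caller, then filters only by the client-supplied
    # subjectId: every student's rows for that subject are returned.
    student_from_token(token)
    return [e for e in EXAM_INFO if e.subject_id == subject_id]


def select_exam_info_fixed(token: str, subject_id: int) -> list:
    # Object-level authorization: the owner comes from the session, so a
    # client-chosen subjectId can only narrow the caller's own records.
    student_id = student_from_token(token)
    return [e for e in EXAM_INFO
            if e.student_id == student_id and e.subject_id == subject_id]
```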
