Qinguoyi TinyWebServer Improper Authentication Vulnerability

Vulnerability

A critical vulnerability allowing improper authentication has been identified in Qinguoyi TinyWebServer versions through 1.0. The issue arises in the file http/http_conn.cpp, where the argument m_url_real is manipulated, leading to authentication flaws. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for improper authentication, potentially leading to unauthorized access or actions within the application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qinguoyi TinyWebServer Improper Authentication Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating