Описание
xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite to modify parameters in the packet to destroy real data.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mindskip:xzs-mysql:t3.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00148
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-276
Связанные уязвимости
github
около 4 лет назад
xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite to modify parameters in the packet to destroy real data.
EPSS
Процентиль: 35%
0.00148
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-276