Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite to modify parameters in the packet to destroy real data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mindskip xzs-mysql 权限许可和访问控制问题漏洞
Vulnerability Description
Mindskip xzs-mysql是中国武汉思维跳跃科技(Mindskip)公司的一款 java + vue 的前后端分离的考试系统。主要优点是开发、部署简单快捷、界面设计友好、代码结构清晰。支持web端和微信小程序,能覆盖到pc机和手机等设备。 支持多种部署方式:集成部署、前后端分离部署、docker部署。 Mindskip xzs-mysql 存在权限许可和访问控制问题漏洞,该漏洞源于提交试卷的功能方法存在不安全漏洞。 攻击者可以使用 burpuite 修改数据包中的参数来破坏真实数据。
CVSS Information
N/A
Vulnerability Type
N/A