zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization_CVE-2025-11080

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2025-11080

Source VulDB

Published Sep 27, 2025 at 21:32

Affected Product

Vendor zhuimengshaonian

Product wisdom-education

Version 1.0.0

Affected Versions zhuimengshaonian wisdom-education 1.0.0
zhuimengshaonian wisdom-education 1.0.1
zhuimengshaonian wisdom-education 1.0.2
zhuimengshaonian wisdom-education 1.0.3
zhuimengshaonian wisdom-education 1.0.4

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-09-27T21:32:06.699Z",
    "modified": "2025-09-27T21:32:06.699Z",
    "type": "cve",
    "title": "zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326121\nhttps://vuldb.com/?ctiid.326121\nhttps://vuldb.com/?submit.661308\nhttps://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md\nhttps://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md#vulnerability-reproduction",
    "id": "CVE-2025-11080",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "zhuimengshaonian wisdom-education 1.0.0\nzhuimengshaonian wisdom-education 1.0.1\nzhuimengshaonian wisdom-education 1.0.2\nzhuimengshaonian wisdom-education 1.0.3\nzhuimengshaonian wisdom-education 1.0.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wisdom-education",
    "version": "1.0.0",
    "vendor": "zhuimengshaonian",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}