CNNVD-202509-4232 Information

Sep 27, 2025 cve

CNNVD ID

CNNVD-202509-4232

CVE-2025-11080

CNNVD Published: 2025-09-27

Description (Chinese)

wisdom-education是zhuimengshaonian个人开发者的一款云智能教育平台。 wisdom-education 1.0.4及之前版本存在授权问题漏洞，该漏洞源于文件src/main/java/com/education/api/controller/student/ExamInfoController.java中函数selectStudentExamInfoList对参数subjectId的授权不当，可能导致远程攻击。

Description (English)

Wisdom-education is a cloud-intellectual educational platform for zhuimenengshaonian personal developers. The mandate gap exists in document src/main/java/com/education/api/controller/student/ExamInfoController.java ’ s central function SelfStudentExamInfoList ’ s inappropriate authorization of parameter subjectId could lead to a remote attack.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2025-09-27

Last Modified

2026-02-24

References

https://vuldb.com/?id.326121 https://vuldb.com/?submit.661308 https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md https://vuldb.com/?ctiid.326121 https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md#vulnerability-reproduction https://access.redhat.com/security/cve/cve-2025-11080

Share on: