CNNVD-202510-855 Information

Oct 06, 2025 cve

CNNVD ID

CNNVD-202510-855

CVE-2025-11321

CNNVD Published: 2025-10-06

Description (Chinese)

wisdom-education是zhuimengshaonian个人开发者的一款云智能教育平台。 wisdom-education 1.0.4及之前版本存在安全漏洞，该漏洞源于对文件src/main/java/com/education/api/controller/student/WrongBookController.java中参数subjectId的错误操作，可能导致授权绕过。

Description (English)

Wisdom-education is a cloud-intellectual educational platform for zhuimenengshaonian personal developers. There is a security loophole in the wismom-education 1.0.4 and earlier versions, which stems from an error in the use of the parameter subsubject Id in document src/main/java/com/education/api/controller/student/WrongBookController.java, which may result in the authorization circumvention.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-06

Last Modified

2026-02-24

References

https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%832.md https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%832.md#vulnerability-reproduction https://vuldb.com/?ctiid.327202 https://vuldb.com/?id.327202 https://vuldb.com/?submit.664395

Share on: