Which versions of Yunfan Learning Examination System are affected by CVE-2024-13109?

Organizations using A vulnerability should be aware of notable risk from CVE-2024-13109 rated CVSS 6.9. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2024-13109?

Yes, a public proof-of-concept exploit is available for CVE-2024-13109. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2024-13109?

Within 7 days: Identify affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Yunfan Learning Examination System CVE-2024-13109

Q: What is the CVSS score of CVE-2024-13109?

CVE-2024-13109 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

MEDIUM

Incorrect Privilege Assignment (CWE-266)

2025-01-02 cna@vuldb.com

Information Disclosure Yunfan Learning Examination System

6.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

6.9 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:01 vuln.today

PoC Detected

Aug 25, 2025 - 17:14 vuln.today

Public exploit code

CVE Published

Jan 02, 2025 - 13:15 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-266. A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Affected products include: Kaoshifeng Yunfan Learning Examination System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-13109 vulnerability details – vuln.today

Back