| Title | https://gitee.com/zhuimengshaonian/wisdom-education wisdom-education 1.0.4 Horizontal overstepping authority |
|---|
| Description | The /student/exam interface of wisdom-education 1.0.4 version has a horizontal privilege escalation vulnerability. An attacker can view others' information by modifying the subjectId parameter. |
|---|
| Source | ⚠️ https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md |
|---|
| User | xkalami (UID 90843) |
|---|
| Submission | 09/23/2025 17:52 (7 months ago) |
|---|
| Moderation | 09/26/2025 15:11 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 326121 [zhuimengshaonian wisdom-education up to 1.0.4 ExamInfoController.java selectStudentExamInfoList subjectId improper authorization] |
|---|
| Points | 16 |
|---|