← Back to CVEs
CVE-2023-33668
CRITICAL9.8
Description
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/12/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
digiexam:digiexam
Weaknesses (CWE)
CWE-354
References
http://digiexam.com(cve@mitre.org)
https://github.com/lodi-g/CVE-2023-33668(cve@mitre.org)
http://digiexam.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/lodi-g/CVE-2023-33668(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.