CVE-2023-33668

CRITICAL

DigiExam < 14.0.2 - Unauthenticated Account Takeover via Native Module Integrity Check Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33668. PoCs published by lodi-g.

AI-analyzed exploit summary: This repository describes a vulnerability in DigiExam v14.0.2 where the lack of integrity checks on the native module 'dx-sec' allows an attacker to replace it with a patched version, bypassing virtual machine detection and other security features. The writeup includes technical details on how the module can be patched to return immediately, effectively disabling VM detection.

Description

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and take over accounts on shared computers.

Exploits (1)

nomisec WRITEUP 2 stars
by lodi-g · poc
https://github.com/lodi-g/CVE-2023-33668


Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: DigiExam v14.0.2
No auth needed
Prerequisites: Access to the file system where DigiExam is installed · Ability to replace the 'dx-sec' native module
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/lodi-g/CVE-2023-33668

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 34.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-354
Status published
Products (1)
digiexam/digiexam < 14.0.2
Published Jul 12, 2023
Tracked Since Feb 18, 2026