Description
Kaifa Technology WebITR is an online attendance system that uses a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system as an arbitrary user account, including the administrator's account, act with that account's permissions, and obtain relevant information.
Scores
CVSS v3: 9.8
EPSS: 0.0052
EPSS Percentile: 66.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-321, CWE-798
Status: published
Products (1)
kaifa/webitr_attendance_system 2.1.0.23
Published: Dec 15, 2023
Tracked Since: Feb 18, 2026