CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Aug 2024 — A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf • CWE-284: Improper Access Control

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2024 — A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/SQL%20Injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')