CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45111 – Online Examination System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45111
Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'email' del recurso feed.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/pires https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-36256
https://notcve.org/view.php?id=CVE-2023-36256
The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data. • https://www.exploit-db.com/exploits/51511 https://www.hackersnotes.com/blog/pentest/online-examination-system-project-1-0-cross-site-request-forgery-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26006
https://notcve.org/view.php?id=CVE-2020-26006
Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. Project Worlds Online Examination System versión 1.0, está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del archivo account.php • https://github.com/projectworldsofficial/online-examination-systen-in-php/archive/master.zip https://nikhilkumar01.medium.com/cve-2020-26006-31f847e16019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25411
https://notcve.org/view.php?id=CVE-2020-25411
Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. Projectworlds Online Examination System versión 1.0, es vulnerable a un ataque de tipo CSRF, que permite a un atacante remoto eliminar al usuario existente • https://github.com/projectworldsofficial/online-examination-systen-in-php https://nikhilkumar01.medium.com/cve-2020-25411-a245bdf88fb5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29259
https://notcve.org/view.php?id=CVE-2020-29259
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en el Online Examination System versión 1.0 a través del parámetro subject o feedback en el archivo feedback.php • https://asfiyashaikh20.medium.com/cve-2020-29259-persistent-xss-2ef63cc5cee6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •