CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4706 – projectworlds Online Examination System Procedure3b_yearwiseVisit.php sql injection
https://notcve.org/view.php?id=CVE-2025-4706
15 May 2025 — A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be initiated remotely. • https://github.com/Welhelm666/666/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4058 – Projectworlds Online Examination System Bloodgroop_process.php sql injection
https://notcve.org/view.php?id=CVE-2025-4058
29 Apr 2025 — A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/hhhanxx/attack/issues/2#issue-2998883562 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4034 – projectworlds Online Examination System inser_doc_process.php sql injection
https://notcve.org/view.php?id=CVE-2025-4034
28 Apr 2025 — A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/hhhanxx/attack/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42843
https://notcve.org/view.php?id=CVE-2024-42843
15 Aug 2024 — Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. • https://github.com/ganzhi-qcy/cve/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45121 – Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45121
21 Dec 2023 — Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticadas. El parámetro 'desc' del recurso update.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/argerich • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45120 – Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45120
21 Dec 2023 — Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticadas. El parámetro 'qid' del recurso update.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/argerich • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45119 – Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45119
21 Dec 2023 — Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticadas. El parámetro 'n' del recurso update.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/argerich • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45118 – Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45118
21 Dec 2023 — Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticadas. El parámetro 'fdid' del recurso update.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. Online Examination System v1.0 is vulnerable t... • https://fluidattacks.com/advisories/argerich • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45117 – Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45117
21 Dec 2023 — Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticadas. El parámetro 'eid' del recurso update.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/argerich • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45116 – Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45116
21 Dec 2023 — Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. Online Examination System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticadas. El parámetro 'demail' del recurso update.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. Online Examination System v1.0 is vulnerab... • https://fluidattacks.com/advisories/argerich • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •