PT-2023-29410 · Unknown · Online Examination System

Andres Roldan

Publicado

2023-11-02

Atualizado

2023-11-08

CVE-2023-45111

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Examination System version 1.0

Description The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The email parameter of the "feed.php" resource does not validate the characters received and they are sent unfiltered to the database. This allows for potential SQL injection attacks.

Recommendations For Online Examination System version 1.0, consider validating and filtering the input for the email parameter in the "feed.php" resource to prevent SQL injection attacks. As a temporary workaround, restrict access to the "feed.php" resource until a proper fix is implemented.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-45111

Produtos afetados

Online Examination System

PT-2023-29410 · Unknown · Online Examination System

CVE-2023-45111

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7