PT-2025-53655 · Saiftheboss7 · Onlinemcqexam
Antiz · Published 2025-12-28 · Updated 2026-01-02 · CVE-2025-15140
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
saiftheboss7 onlinemcqexam versions prior to 0e56806132971e49721db3ef01868098c7b42ada
Description
A SQL injection issue exists in saiftheboss7 onlinemcqexam. The issue is located in the file /admin/quesadd.php and involves manipulation of the ans1/ans2 arguments. This allows for remote exploitation. The exploit has been publicly released. The vendor was contacted but did not respond.
Recommendations
Versions prior to 0e56806132971e49721db3ef01868098c7b42ada should be updated. As a temporary workaround, restrict access to the /admin/quesadd.php file to minimize the risk of exploitation. Avoid using the ans1 and ans2 parameters in the affected API endpoint until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
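The advisory places the flaw in the ans1/ans2 arguments of /admin/quesadd.php. As an added example (not code from onlinemcqexam or from its fix commit), a question-add handler that binds those fields as prepared-statement parameters could look like the following; the POST method, the `question` field, the `questions` table with its columns, and the connection settings are assumptions.

```php
<?php
// Added example, not onlinemcqexam code. Assumed names: the POST field
// "question", table "questions", its columns, and the connection settings.
declare(strict_types=1);

// Make mysqli throw on errors instead of failing silently
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function read_text_field(array $post, string $name, int $maxLen = 255): string
{
    $value = $post[$name] ?? null;
    // Rejects missing fields and array-shaped input such as ans1[]=x
    if (!is_string($value)) {
        throw new InvalidArgumentException("$name is required");
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException("$name has an invalid length");
    }
    return $value;
}

function add_question(mysqli $db, array $post): int
{
    $question = read_text_field($post, 'question', 1000);
    $ans1 = read_text_field($post, 'ans1');
    $ans2 = read_text_field($post, 'ans2');

    // Placeholders keep ans1/ans2 as data; they are never concatenated into SQL
    $stmt = $db->prepare(
        'INSERT INTO questions (question, ans1, ans2) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $question, $ans1, $ans2);
    $stmt->execute();
    return (int) $db->insert_id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Placeholder credentials; use a low-privilege database account
    $db = new mysqli('localhost', 'app_user', 'app_password', 'exam_db');
    $db->set_charset('utf8mb4');
    try {
        echo 'Question saved with id ' . add_question($db, $_POST);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid input';
    }
}
```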
Related identifiers
Affected products
Onlinemcqexam