PT-2026-27032 · Code Projects · Exam Form Submission

Sgwt

Publicado

2026-03-22

Atualizado

2026-03-23

CVE-2026-4557

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions code-projects Exam Form Submission version 1.0

Description A cross-site scripting issue exists in code-projects Exam Form Submission version 1.0. The issue is located in the file /admin/update s1.php. Manipulation of the sname argument can trigger the issue. The attack can be initiated remotely. The exploit is publicly available.

Recommendations Apply any available updates to address the issue in the /admin/update s1.php file. As a temporary workaround, sanitize the sname argument to prevent cross-site scripting. Restrict access to the /admin/update s1.php file to authorized personnel only.

Exploit

Correção

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2026-4557

Produtos afetados

Exam Form Submission

PT-2026-27032 · Code Projects · Exam Form Submission

CVE-2026-4557

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8