PT-2023-29410 · Unknown · Online Examination System

Andres Roldan

Published

2023-11-02

Updated

2023-11-08

CVE-2023-45111

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Examination System version 1.0

Description The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The email parameter of the "feed.php" resource does not validate the characters received and they are sent unfiltered to the database. This allows for potential SQL injection attacks.

Recommendations For Online Examination System version 1.0, consider validating and filtering the input for the email parameter in the "feed.php" resource to prevent SQL injection attacks. As a temporary workaround, restrict access to the "feed.php" resource until a proper fix is implemented.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-45111

Affected Products

Online Examination System

PT-2023-29410 · Unknown · Online Examination System

CVE-2023-45111

Weakness Enumeration

Related Identifiers

Affected Products

References · 7