CVE-2023-45116

Name of the Vulnerable Software and Affected Versions Online Examination System version 1.0

Description The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the demail parameter of the "/update.php" resource does not validate the characters received, and they are sent unfiltered to the database.

Recommendations For Online Examination System version 1.0, as a temporary workaround, consider validating and filtering the demail parameter in the "/update.php" resource to prevent SQL injection attacks. Restrict access to the "/update.php" resource until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.