CVE-2023-45117

Name of the Vulnerable Software and Affected Versions Online Examination System version 1.0

Description The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the eid parameter of the "/update.php?q=rmquiz" resource does not validate the characters received, and they are sent unfiltered to the database.

Recommendations For Online Examination System version 1.0, as a temporary workaround, consider restricting access to the "/update.php?q=rmquiz" resource until a patch is available. Avoid using the eid parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.