CVE-2023-45122

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Online Examination System version 1.0

Description The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'name' parameter of the "update.php" resource does not validate the characters received, and they are sent unfiltered to the database.

Recommendations For Online Examination System version 1.0, consider validating and filtering user input for the name parameter in the "update.php" resource to prevent SQL injection attacks. As a temporary workaround, restrict access to the "update.php" resource until a proper fix is implemented.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-45122

Affected Products

Online Examination System

CVE-2023-45122

Related Identifiers

Affected Products

References · 4