PT-2026-5488 · Unknown · Online-Exam-System

Gus Ralph · Published 2026-01-30 · Updated 2026-03-12 · CVE-2020-37051

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Online-Exam-System version 2015

Description: The software contains a time-based blind SQL injection issue in the feedback form. This allows attackers to extract database password hashes. The issue is exploitable through the 'feed.php' endpoint by crafting malicious requests that leverage time delays to determine user password characters. The vulnerable parameter is not explicitly specified, but the attack involves manipulating requests to the 'feed.php' endpoint.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-37051

Affected Products

Online-Exam-System