Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.
References
| Link | Resource |
|---|---|
| https://fluidattacks.com/advisories/pires | Exploit Third Party Advisory |
| https://projectworlds.in/ | Product |
| https://fluidattacks.com/advisories/pires | Exploit Third Party Advisory |
| https://projectworlds.in/ | Product |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fluidattacks.com/advisories/pires - Exploit, Third Party Advisory | |
| References | () https://projectworlds.in/ - Product |
08 Nov 2023, 23:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://projectworlds.in/ - Product | |
| References | (MISC) https://fluidattacks.com/advisories/pires - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:online_examination_system_project:online_examination_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Online Examination System Project
Online Examination System Project online Examination System |
02 Nov 2023, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-02 02:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45111
Mitre link : CVE-2023-45111
CVE.ORG link : CVE-2023-45111
JSON object : View
Products Affected
online_examination_system_project
- online_examination_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')