A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228771.
References
| Link | Resource |
|---|---|
| https://github.com/sushanburanxisha/cve/blob/main/SQLi-1.md | Exploit Third Party Advisory |
| https://vuldb.com/?id.228771 | Third Party Advisory |
| https://vuldb.com/?ctiid.228771 | Third Party Advisory |
Configurations
History
17 May 2023, 20:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://vuldb.com/?ctiid.228771 - Third Party Advisory | |
| References | (MISC) https://vuldb.com/?id.228771 - Third Party Advisory | |
| References | (MISC) https://github.com/sushanburanxisha/cve/blob/main/SQLi-1.md - Exploit, Third Party Advisory | |
| First Time |
Online Exam System Project
Online Exam System Project online Exam System |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:online_exam_system_project:online_exam_system:1.0:*:*:*:*:*:*:* |
11 May 2023, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-05-11 06:15
Updated : 2024-05-17 02:23
NVD link : CVE-2023-2642
Mitre link : CVE-2023-2642
JSON object : View
Products Affected
online_exam_system_project
- online_exam_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')