CVE-2023-45115
CVE-2023-45115
8.8
HighPublished:
Last updated:
Source:help@fluidattacks.com
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.
References
help@fluidattacks.com
https://fluidattacks.com/advisories/argerich/help@fluidattacks.com
https://projectworlds.in/af854a3a-2127-422b-91ae-364da2661108
https://fluidattacks.com/advisories/argerich/af854a3a-2127-422b-91ae-364da2661108
https://projectworlds.in/