Описание
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.1
github
26 дней назад
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
EPSS
Процентиль: 13%
0.00044
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-89