Unrated severityNVD Advisory· Published Jan 30, 2026· Updated Mar 5, 2026
Online-Exam-System 2015 - 'feedback' SQL Injection
CVE-2020-37051
Description
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 2015
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/48560mitreexploit
- www.vulncheck.com/advisories/online-exam-system-feedback-sql-injectionmitrethird-party-advisory
News mentions
0No linked articles in our index yet.