CVE-2023-26780
Description
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CleverStupidDog yf-exam v1.8.0 is vulnerable to SQL injection due to unfiltered parameters, allowing attackers to execute arbitrary SQL queries.
Vulnerability
CleverStupidDog yf-exam version 1.8.0, a multi-role online training and examination system, is vulnerable to SQL injection. The parameters passed to the application are not properly filtered, leading to SQL injection flaws [2]. The vulnerability is identified as CVE-2023-26780 [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted input parameters to the application. No authentication or special privileges are mentioned in the available references; the injection occurs through unfiltered user-supplied data [2].
Impact
Successful exploitation could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access to the database, disclosure of sensitive information, or modification of data. The full extent of impact is not detailed in the references [2].
Mitigation
As of the publication date (2023-03-02), no official patch or mitigation has been disclosed in the available references. Users should monitor the vendor's repository for updates [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- CleverStupidDog/yf-examdescription
- Range: 1.8.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.