Online Examination System
CVEs (13)
| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45111 | | Critical | 0.64 | 9.8 | 0.01 | | Nov 2, 2023 | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2021-46307 | | Critical | 0.64 | 9.8 | 0.02 | | Jan 21, 2022 | An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. |
| CVE-2023-45121 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45120 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45119 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45118 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45117 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45116 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45115 | | High | 0.57 | 8.8 | 0.01 | | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45203 | | Medium | 0.40 | 6.1 | 0.00 | | Nov 1, 2023 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. |
| CVE-2023-45202 | | Medium | 0.40 | 6.1 | 0.00 | | Nov 1, 2023 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. |
| CVE-2023-45201 | | Medium | 0.40 | 6.1 | 0.00 | | Nov 1, 2023 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. |
| CVE-2022-42066 | | Medium | 0.40 | 6.1 | 0.01 | | Oct 14, 2022 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. |