VYPR

Online Exam System

by Sunnygkp10

Source repositories

CVEs (15)

  • CVE-2024-57370MedJan 17, 2025
    risk 0.40cvss 6.1epss 0.00

    Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter.

  • CVE-2020-37057Jan 30, 2026
    risk 0.00cvss epss 0.01

    Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete…

  • CVE-2020-37051Jan 30, 2026
    risk 0.00cvss epss 0.00

    Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to…

  • CVE-2025-51567Jan 12, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP…

  • CVE-2024-40478Aug 9, 2024
    risk 0.00cvss epss 0.01

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields

  • CVE-2024-40479Aug 9, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.

  • CVE-2024-40480Aug 9, 2024
    risk 0.00cvss epss 0.01

    A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.

  • CVE-2023-2771May 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. This issue affects some unknown processing of the file /jurusanmatkul/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be…

  • CVE-2023-2770May 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in SourceCodester Online Exam System 1.0. This vulnerability affects unknown code of the file /kelasdosen/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2023-2697May 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is…

  • CVE-2023-2696May 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql…

  • CVE-2023-2695May 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql…

  • CVE-2023-2694May 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is…

  • CVE-2023-2693May 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql…

  • CVE-2023-2642May 11, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql…