Online Exam System is an online exam system. Online Exam System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameters columns, data of /classes/Master.php?f=delete_service/kelasdosen/data for external input SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.