224 matches found
CVE-2026-6573 PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
CVE-2026-6573 PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
EUVD-2020-30930
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...
EUVD-2020-30925
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37057
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37057
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37051
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...
CVE-2020-37051
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...
CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37057
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37057
CVE-2020-37057 affects Online-Exam-System 2015, where a SQL injection in the feedback module is triggered via the fid parameter. The root cause is unsafely constructed SQL queries allowing attackers to manipulate queries, potentially exfiltrate or modify data. CVSS metrics indicate a high-severit...
CVE-2020-37051
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...
CVE-2020-37051 Online-Exam-System 2015 - 'feedback' SQL Injection
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...
CVE-2020-37051
CVE-2020-37051 affects the Online-Exam-System 2015. A time-based blind SQL injection in the feedback form enables attackers to extract database password hashes via the feed.php endpoint, using crafted time-delayed payloads to enumerate password characters. Reported CVSS metrics (v3.1, base score ...
CVE-2020-37051 Online-Exam-System 2015 - 'feedback' SQL Injection
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...
PT-2026-5488
Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a time-based blind SQL injection issue in the feedback form. This allows attackers to extract database password hashes. The issue is exploitable through the 'feed.php' endpoint ...
Online-Exam-System – SQL Injection Vulnerabilities
Online-Exam-System is an online examination system developed by Sunny Prakash Tiwari. The 2015 version of Online-Exam-System has a SQL injection vulnerability. This vulnerability stems from parameters “fid” in the feedback module, which may allow attackers to manipulate database queries...
Online-Exam-System – SQL Injection Vulnerabilities
Online-Exam-System is an online examination system developed by Sunny Prakash Tiwari. The 2015 version of Online-Exam-System has a SQL injection vulnerability. This vulnerability stems from a time-based blind SQL injection in the feedback form, which may lead to the extraction of database passwor...
PT-2026-5493
Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a SQL injection issue within the feedback module. Attackers can manipulate database queries by injecting malicious SQL code through the fid parameter. This could allow attackers...