7 matches found
CVE-2023-45111
Online Examination System v1.0 contains unauthenticated SQL injection vulnerabilities in feed.php, caused by improper validation/escaping of the email parameter. This vulnerability (CVE-2023-45111) is reported across multiple sources, with the weakness described as unfiltered input reaching the d...
CVE-2020-29257
CVE-2020-29257: Cross-site scripting in Online Examination System 1.0 (SourceCodester Online Examination System) via the q parameter to feedback.php. Root cause: user input in q is not properly filtered, enabling injection of JavaScript that can execute in the victim’s browser. Documented impact:...
CVE-2020-29259
CVE-2020-29259 is a cross-site scripting (XSS) vulnerability in Online Examination System 1.0, exploitable via the subject or feedback parameter to feedback.php. The root cause is insufficient input validation/ sanitization of user-supplied data, enabling attacker-controlled script execution in t...
CVE-2020-26006
Project Worlds Online Examination System 1.0 is vulnerable to Cross-Site Scripting (XSS) via account.php. Multiple sources (NVD CVE-2020-26006; CNVD/CNNVD entries) confirm an XSS vulnerability in this version, enabling injection of malicious JavaScript to execute in a user’s browser and potential...
CVE-2020-29258
CVE-2020-29258 is an XSS vulnerability in Online Examination System 1.0, exploitable via the w parameter in index.php. The affected component is the web application’s index.php handling the w query parameter, enabling attacker-supplied script to be reflected to the user. Documented impact is clie...
CVE-2023-36256
CVE-2023-36256 affects The Online Examination System Project 1.0. The vulnerability is a CSRF flaw where an attacker can craft a malicious link that, when clicked by an admin, deletes a user account from the database via a URL parameter (email). This can cause data loss and does not require admin...
CVE-2020-25411
CVE-2020-25411 : Projectworlds Online Examination System 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) , allowing a remote attacker to delete an existing user. Connected documents corroborate the CSRF root cause and the impact as user deletion. No concrete technical details (endpoints, p...