3 matches found
CVE-2019-18344
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection. The flaw allows remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user pages (id or classid parameters). Affected component: Online Grading System 1.0...
CVE-2019-18280
CVE-2019-18280 affects Sourcecodester Online Grading System 1.0. The vulnerability is a CSRF weakness due to lack of CSRF protection, allowing an attacker to trick an administrator into executing actions via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/co...
CVE-2021-31650
CVE-2021-31650 affects Sourcecodester Online Grading System 1.0 with a SQL injection in the uname parameter, enabling remote attackers to execute arbitrary SQL commands. The vulnerability is rated CVSS v3.1 at 9.8 (CRITICAL). Public exploit availability is indicated (Exploit-DB). No patch/version...