Lucene search
K
ProjectworldsOnline Examination System

16 matches found

CVE
CVE
added 2025/04/28 7:31 p.m.70 views

CVE-2025-4034

CVE-2025-4034 affects projectworlds Online Examination System 1.0. The vulnerability resides in the /inser_doc_process.php file where manipulating the Doc_ID parameter leads to SQL injection. It can be exploited remotely, and public exploit information is available. Connected sources also reitera...

9.8CVSS7.5AI score0.00432EPSS
CVE
CVE
added 2023/11/01 10:2 p.m.57 views

CVE-2023-45202

CVE-2023-45202 affects Online Examination System v1.0. The issue is multiple Open Redirects in the feed.php resource’s q parameter, enabling an attacker to redirect a victim to an arbitrary website via a crafted URL. Exploitation details are not provided in the sources. The Red Hat and PRION entr...

6.1CVSS6.3AI score0.00407EPSS
CVE
CVE
added 2023/11/01 10:11 p.m.57 views

CVE-2023-45203

CVE-2023-45203 affects Online Examination System v1.0 with open redirect vulnerabilities in the login.php component, exploitable via the q parameter to redirect users to arbitrary sites. Primary impact is user redirection; exploitation details are not described as active in the provided docs. The...

6.1CVSS6.3AI score0.00407EPSS
CVE
CVE
added 2023/12/21 3:51 p.m.52 views

CVE-2023-45118

CVE-2023-45118 affects Online Examination System v1.0, where the fdid parameter in /update.php is not validated and is sent unfiltered to the database, enabling multiple authenticated SQL injection vulnerabilities (impact described as High, CVSS 3.1). The issue stems from unsanitized input in the...

8.8CVSS9.2AI score0.00673EPSS
CVE
CVE
added 2023/11/01 9:53 p.m.52 views

CVE-2023-45201

CVE-2023-45201 affects Online Examination System v1.0. Multiple open redirect vulnerabilities exist, specifically via the q parameter in the admin.php resource, allowing a crafted URL to redirect a victim to an arbitrary website. The issue is documented across several sources in the connected set...

6.1CVSS6.2AI score0.00391EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.50 views

CVE-2022-42066

CVE-2022-42066 affects Online Examination System version 1.0, with a cross-site scripting vulnerability exploitable via index.php. The issue is a client-side input handling flaw that can expose confidentiality and integrity risks (per CVSS data: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Exploitation ...

6.1CVSS6.1AI score0.00551EPSS
CVE
CVE
added 2025/04/29 11:31 a.m.50 views

CVE-2025-4058

Projectworlds Online Examination System 1.0 is affected by a SQL injection in the Bloodgroop_process.php file, via the Pat_BloodGroup1 parameter. The vulnerability arises from improper handling of the input, allowing remote attacker access and potentially compromising confidentiality, integrity, ...

9.8CVSS7.5AI score0.00438EPSS
CVE
CVE
added 2023/12/21 4:3 p.m.47 views

CVE-2023-45119

CVE-2023-45119 concerns Online Examination System v1.0. The vulnerability is an authenticated SQL Injection in the /update.php?q=quiz endpoint, where the value of the parameter n is not validated and is passed unfiltered to the database. This exposes the system to potentially arbitrary SQL execut...

8.8CVSS9.2AI score0.00673EPSS
CVE
CVE
added 2022/01/21 3:59 p.m.45 views

CVE-2021-46307

CVE-2021-46307 affects the Projectworlds Online Examination System 1.0 . The vulnerability is an SQL injection in the parameter eid of the page account.php , caused by insufficient input filtering. The CVSS metrics indicate a CRITICAL risk (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base scor...

10CVSS9.8AI score0.01556EPSS
CVE
CVE
added 2024/08/15 12:0 a.m.45 views

CVE-2024-42843

CVE-2024-42843 affects Projectworlds Online Examination System v1.0, with a SQL Injection vulnerability in the subject parameter of feed.php. Multiple connected sources corroborate the issue; no authoritative patch/version is specified in the provided documents. The CVSS metrics indicate a critic...

9.8CVSS8AI score0.00625EPSS
CVE
CVE
added 2025/05/15 4:31 p.m.45 views

CVE-2025-4706

Affected software : ProjectWorlds Online Examination System 1.0. The vulnerability affects the file /Procedure3b_yearwiseVisit.php and is triggered by manipulating the Visit_year parameter. Root cause / vulnerability type : SQL injection due to improper handling of input in the affected PHP code....

9.8CVSS7.6AI score0.00421EPSS
CVE
CVE
added 2023/12/21 3:36 p.m.42 views

CVE-2023-45115

The CVE-2023-45115 entry concerns Online Examination System v1.0 with multiple Authenticated SQL Injection flaws. The issue stems from the ch parameter in the endpoint /update.php?q=addqns not validating characters before sending input to the database, enabling injection under authenticated condi...

8.8CVSS9.6AI score0.00673EPSS
CVE
CVE
added 2023/12/21 3:47 p.m.42 views

CVE-2023-45117

CVE-2023-45117 affects Online Examination System v1.0, where the authenticated user can trigger SQL Injection via the eid parameter in /update.php?q=rmquiz. The root cause is lack of input validation/unfiltered data sent to the database, enabling possible data access or modification. The vulnerab...

8.8CVSS9.2AI score0.00507EPSS
CVE
CVE
added 2023/12/21 4:21 p.m.42 views

CVE-2023-45120

Online Examination System v1.0 is affected by multiple authenticated SQL injection flaws in the /update.php?q=quiz&step=2 path where the qid parameter is not validated and its content is sent unfiltered to the database. Root cause: lack of input validation enabling harmful SQL constructs. Impact:...

8.8CVSS9.2AI score0.00646EPSS
CVE
CVE
added 2023/12/21 4:23 p.m.36 views

CVE-2023-45121

Online Examination System v1.0 is affected by multiple authenticated SQL Injection vulnerabilities. The root cause is unsanitized input in the desc parameter of /update.php?q=addquiz, which is sent unfiltered to the database. Impact is rated High for confidentiality, integrity, and availability (...

8.8CVSS9.2AI score0.00673EPSS
CVE
CVE
added 2023/12/21 3:42 p.m.35 views

CVE-2023-45116

Summary: CVE-2023-45116 concerns Online Examination System v1.0 where the 'demail' parameter of /update.php is vulnerable to authenticated SQL injection due to unfiltered input. Multiple sources describe the vulnerability as enabling unvalidated characters to reach the database, with high impact ...

8.8CVSS9.2AI score0.00673EPSS