漏洞标题
"Campcodes在线考试系统 ranking-exam.php SQL注入"
漏洞描述信息
在Campcodes在线考试系统1.0中发现了一个被归类为“严重”的漏洞。该问题影响了文件ranking-exam.php的部分未知处理过程。通过操作参数exam_id,可以导致SQL注入攻击。攻击可以在远程发起。该漏洞已被公开披露,可能被利用。此漏洞被赋予了VDB-264449的标识符。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
Campcodes Online Examination System ranking-exam.php sql injection
漏洞描述信息
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. This issue affects some unknown processing of the file ranking-exam.php. The manipulation of the argument exam_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264449 was assigned to this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
Online Examination System SQL注入漏洞
漏洞描述信息
Projectworlds Online Examination System是印度Projectworlds公司的一个在线考试系统。 Online Examination System 1.0版本存在SQL注入漏洞,该漏洞源于 ranking-exam.php 包含未知代码,通过参数 exam_id 导致SQL注入。
CVSS信息
N/A
漏洞类别
SQL注入