Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Online_examination_system
(Projectworlds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-15 | CVE-2024-42843 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | Online_examination_system | 9.8 | ||
| 2023-12-21 | CVE-2023-45116 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-12-21 | CVE-2023-45117 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-12-21 | CVE-2023-45118 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-12-21 | CVE-2023-45119 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-12-21 | CVE-2023-45120 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-12-21 | CVE-2023-45121 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-12-21 | CVE-2023-45115 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database. | Online_examination_system | 8.8 | ||
| 2023-11-01 | CVE-2023-45201 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | Online_examination_system | 6.1 | ||
| 2023-11-01 | CVE-2023-45202 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | Online_examination_system | 6.1 |