Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Online_examination_system
(Projectworlds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-14 | CVE-2022-42066 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | Online_examination_system | 6.1 | ||
| 2025-04-29 | CVE-2025-4058 | A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Online_examination_system | 9.8 | ||
| 2025-04-28 | CVE-2025-4034 | A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Online_examination_system | 9.8 | ||
| 2025-04-28 | CVE-2025-4034 | A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Online_examination_system | 9.8 | ||
| 2025-04-28 | CVE-2025-4034 | A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Online_examination_system | 9.8 | ||
| 2022-01-21 | CVE-2021-46307 | An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | Online_examination_system | 9.8 | ||
| 2023-11-01 | CVE-2023-45201 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | Online_examination_system | N/A | ||
| 2023-11-01 | CVE-2023-45202 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | Online_examination_system | N/A | ||
| 2023-11-01 | CVE-2023-45203 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | Online_examination_system | N/A | ||
| 2024-08-15 | CVE-2024-42843 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | Online_examination_system | 9.8 |