CVE Details
Basic Information
| Title | Campcodes Online Examination System deleteQuestionExe.php sql injection |
|---|---|
| Type | cve |
| Published | 2024-03-27T02:00:07.466Z |
| Modified | 2024-08-12T15:05:11.062Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Online Examination System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
AI Analysis
| AI Description | A SQL injection vulnerability was discovered in Campcodes Online Examination System version 1.0. This issue affects the deleteQuestionExe.php file and can be exploited remotely, allowing attackers to manipulate the ‘id’ argument. The vulnerability has been publicly disclosed and could be exploited using available methods. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Campcodes |
| AI Product | Online Examination System |
| AI Version | 1.0 |
Affected Products
- Campcodes Online Examination System 1.0
Additional Information
| CWE List | CWE-89 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability.