code-projects Exam Form Submission update_s8.php sql injection

July 28, 2025 invoker category_cve

CVE Details

Basic Information

Title	code-projects Exam Form Submission update_s8.php sql injection
Type	cve
Published	2025-07-28T11:02:05.676Z
Modified	2025-07-28T11:02:05.676Z

Product Information

Vendor	code-projects
Product	Exam Form Submission
Version	1.0

CVSS Information

Base Score	6.9 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected Products

code-projects Exam Form Submission 1.0

Additional Information

CWE List	CWE-89, CWE-74
Source	VulDB

Description

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?id.317862
https://vuldb.com/?ctiid.317862
https://vuldb.com/?submit.622555
https://github.com/mynlxx/CVE-ZhuChengQing/issues/3
https://code-projects.org/

View Full CVE Details