SourceCodester Automatic Question Paper Generator System GET Parameter manage_question_paper.php sql injection
CVE-2023-1474
Key Information:
- Vendor
- Sourcecodester
- Vendor
- CVE Published:
- 17 March 2023
Badges
Summary
A vulnerability exists in the SourceCodester Automatic Question Paper Generator System 1.0, specifically in the GET Parameter Handler component. This flaw allows an attacker to manipulate the 'id' parameter in the 'manage_question_paper.php' file, leading to potential SQL injection attacks. The exploit can be executed remotely, making it particularly concerning for users of this system, as it may allow unauthorized access to sensitive information.
Affected Version(s)
Automatic Question Paper Generator System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved