SourceCodester Online Exam System POST Parameter data SQL injection
CVE-2023-2697

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 14 May 2023

Summary

A vulnerability has been identified in SourceCodester Online Exam System 1.0, in the POST Parameter Handler component. The file /jurusan/data improperly handles user-supplied data in the argument columns[1][data], which leads to SQL injection and allows unauthorized access to the database. The attack can be executed remotely and the exploit has been publicly disclosed, which makes it urgent for affected users to secure their systems against potential attacks.

Affected Version(s)

Online Exam System 1.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

huutuanbg97 (VulDB User)