SourceCodester Online Exam System data SQL injection
CVE-2023-2771

8.8 HIGH

Key Information:

Vendor
CVE Published: 17 May 2023

Summary

SourceCodester Online Exam System version 1.0 contains a SQL injection vulnerability caused by inadequate handling of request parameters in the /jurusanmatkul/data file. An attacker can manipulate the arguments, particularly columns[1][data], to inject SQL. The attack can be launched remotely and may lead to unauthorized access to sensitive data. The exploit has been publicly disclosed, which raises concern about active use in the wild and makes immediate remediation critical for affected users.

Affected Version(s)

Online Exam System 1.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

huutuanbg97 (VulDB User)