SourceCodester Online Exam Form Submission update_s6.php sql injection
CVE-2023-3059

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Online Exam Form Submission
Vendor
CVE Published:
2 June 2023

What is CVE-2023-3059?

An SQL injection vulnerability exists in SourceCodester's Online Exam Form Submission 1.0, specifically located in the /admin/update_s6.php file. This vulnerability allows remote attackers to manipulate the 'id' parameter, leading to unauthorized database access and potential data compromise. The exploit has been publicly disclosed, increasing the risk of attack for systems running this affected version.

Affected Version(s)

Online Exam Form Submission 1.0

References

https://vuldb.com/?id.230565
vdb-entrytechnical-description
https://vuldb.com/?ctiid.230565
signaturepermissions-required
https://github.com/Aiiimer/requestCVE/blob/main/SQL.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HaoL (VulDB User)
JSON
.