SQL Injection Vulnerability in Campcodes Online Examination System
CVE-2024-4914

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Online Examination System
Vendor: CVE Published:; 15 May 2024

Badges

👾 Exploit Exists

What is CVE-2024-4914?

A significant SQL injection vulnerability has been discovered in the Campcodes Online Examination System version 1.0, specifically within the processing of the 'ranking-exam.php' file. The flaw arises from improper handling of the 'exam_id' argument, which could allow attackers to manipulate SQL queries executed by the application. This could enable unauthorized access to sensitive database information, as the vulnerability permits remote exploitation by malicious actors. Prompt attention and remediation are essential to safeguard against potential attacks that could exploit this vulnerability.