SQL Injection Vulnerability in Campcodes Online Examination System
CVE-2024-4914
9.8CRITICAL
What is CVE-2024-4914?
A significant SQL injection vulnerability has been discovered in the Campcodes Online Examination System version 1.0, specifically within the processing of the 'ranking-exam.php' file. The flaw arises from improper handling of the 'exam_id' argument, which could allow attackers to manipulate SQL queries executed by the application. This could enable unauthorized access to sensitive database information, as the vulnerability permits remote exploitation by malicious actors. Prompt attention and remediation are essential to safeguard against potential attacks that could exploit this vulnerability.
Affected Version(s)
Online Examination System 1.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
yylm (VulDB User)