SQL Injection Vulnerability in Campcodes Online Examination System
CVE-2024-4919
9.8 CRITICAL
Summary
A SQL injection vulnerability has been identified in Campcodes Online Examination System version 1.0, in the script /adminpanel/admin/query/addCourseExe.php. Manipulating the 'course_name' argument leads to SQL injection. Attackers can remotely execute malicious SQL code, potentially compromising sensitive data within the application. Because this vulnerability has been publicly disclosed, users should apply security patches promptly and implement measures to secure their systems against such attacks. Regular security assessments are recommended to identify and mitigate similar vulnerabilities.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published