SQL Injection Vulnerability in SourceCodester Online Examination System
CVE-2024-5116

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Online Examination System
Vendor: CVE Published:; 20 May 2024

Summary

A recently discovered vulnerability in SourceCodester's Online Examination System version 1.0 allows for SQL injection through improper handling of the 'vote' parameter in the save.php file. This flaw could be exploited remotely, enabling attackers to manipulate the database without proper authorization. The SQL injection may lead to unauthorized data access or data manipulation, posing significant risks to overall system integrity and confidentiality. Users of the affected version are strongly advised to implement security patches and review their systems for potential exploits.

References

https://vuldb.com/?id.265196

https://vuldb.com/?ctiid.265196

https://vuldb.com/?submit.338578

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 20, 2024