SQL Injection Vulnerability in Projectworlds Online Examination System
CVE-2025-4058
Key Information:
- Vendor
- Projectworlds
- Status
- Online Examination System
- Vendor
- CVE Published:
- 29 April 2025
Badges
Summary
A SQL injection vulnerability has been discovered in the Projectworlds Online Examination System, specifically affecting the /Bloodgroop_process.php file. By manipulating the Pat_BloodGroup1 parameter, attackers can execute arbitrary SQL queries against the database. This vulnerability can be exploited remotely, posing a significant risk to the application's data integrity. The exploit has been made public, increasing the likelihood of attacks. It is crucial for users and administrators to be aware of this vulnerability to safeguard their systems.
Affected Version(s)
Online Examination System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved