SQL Injection Vulnerability in Projectworlds Online Examination System
CVE-2025-4058

6.9MEDIUM

Key Information:

Vendor
Projectworlds
Status
Online Examination System
Vendor
CVE Published:
29 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A SQL injection vulnerability has been discovered in the Projectworlds Online Examination System, specifically affecting the /Bloodgroop_process.php file. By manipulating the Pat_BloodGroup1 parameter, attackers can execute arbitrary SQL queries against the database. This vulnerability can be exploited remotely, posing a significant risk to the application's data integrity. The exploit has been made public, increasing the likelihood of attacks. It is crucial for users and administrators to be aware of this vulnerability to safeguard their systems.

Affected Version(s)

Online Examination System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

attackxu (VulDB User)
.