Vulnerabilities > Projectworlds > Online Examination System > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-45120 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-45121 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-45115 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-45116 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-45117 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-45118 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-45119 SQL Injection vulnerability in Projectworlds Online Examination System 1.0
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8