CVE-2023-45119

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 21, 2023
Updated: Feb 2, 2024
CWE ID 89

Summary

CVE-2023-45119 is a vulnerability affecting the Online Examination System v1.0. This issue involves authenticated SQL Injection, which allows attackers to inject malicious SQL commands into the application by exploiting the lack of input validation on the 'n' parameter used in the /update.php?q=quiz resource. The unfiltered user input is directly sent to the database, posing a significant risk for data manipulation and unauthorized access.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share