cbcvebase.

Jayesh Online Exam System vulnerabilities

4 known vulnerabilities affecting jayesh/online_exam_system.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-51567P2CRITICALCVSS 9.1v1.02026-01-12
CVE-2025-51567 [CRITICAL] CWE-89 CVE-2025-51567: A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, w A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
nvd
CVE-2024-40480P3CRITICALCVSS 9.8v1.02024-08-12
CVE-2024-40480 [CRITICAL] CWE-284 CVE-2024-40480: A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kas A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.
nvd
CVE-2024-40479P3HIGHCVSS 8.1v1.02024-08-12
CVE-2024-40479 [HIGH] CWE-89 CVE-2024-40479: A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allo A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.
nvd
CVE-2024-40478P4MEDIUMCVSS 5.4v1.02024-08-12
CVE-2024-40478 [MEDIUM] CWE-79 CVE-2024-40478: A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara O A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields
nvd
Jayesh Online Exam System vulnerabilities | cvebase