CVE-2023-45120

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 21, 2023

Updated: Feb 2, 2024

CWE ID 89

Summary

CVE-2023-45120 is a vulnerability affecting the Online Examination System v1.0. This issue allows authenticated attackers to inject SQL queries into the application through the 'qid' parameter in the /update.php?q=quiz&step=2 resource. The input received by the server is not validated, allowing attackers to manipulate database queries, potentially leading to data theft, unauthorized access, or system compromise.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5C_4s
https://www.cve.org/CVERecord?id=CVE-2023-45120
https://nvd.nist.gov/vuln/detail/CVE-2023-45120

Back to Vulnerability Database

CVE-2023-45120

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations