Skip to main content

Online Examination System CVE-2023-36256

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-07-07 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 07, 2023 - 18:15 nvd
MEDIUM 6.5

DescriptionNVD

The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.

AnalysisAI

The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data. Affected products include: Online Examination System Project Online Examination System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2024-42843 CRITICAL POC
9.8 Aug 15

Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. Rated

CVE-2024-2941 CRITICAL POC
9.8 Mar 27

A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Rated crit

CVE-2023-45111 CRITICAL POC
9.8 Nov 02

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical s

CVE-2023-45121 HIGH POC
8.8 Dec 21

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severit

CVE-2023-45120 HIGH POC
8.8 Dec 21

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severit

CVE-2023-45119 HIGH POC
8.8 Dec 21

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severit

CVE-2023-45118 HIGH POC
8.8 Dec 21

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severit

CVE-2023-45116 HIGH POC
8.8 Dec 21

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severit

CVE-2023-45115 HIGH POC
8.8 Dec 21

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severit

CVE-2025-4058 MEDIUM POC
6.9 Apr 29

A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. Rated medium sever

CVE-2025-4034 MEDIUM POC
6.9 Apr 28

A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Rated medium severity (

CVE-2024-5116 MEDIUM POC
6.9 May 20

A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Rated

Share

CVE-2023-36256 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy