Online Event Judging System
SQL injection in code-projects Online Event Judging System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the judge_id parameter in /edit_judge.php, with publicly available exploit code demonstrating the vulnerability. The low CVSS score (2.1) reflects limited confidentiality impact and required authentication, but the SQL injection itself is a high-severity vulnerability class that could enable data exfiltration or modification depending on database permissions and downstream query construction.
SQL injection in code-projects Online Event Judging System 1.0 via the crit_id parameter in /edit_criteria.php allows authenticated remote attackers to manipulate database queries with low confidentiality and integrity impact. Exploitation requires valid user authentication but can be executed remotely with no user interaction. Publicly available exploit code exists; however, the EPSS score of 0.03% (8th percentile) indicates this vulnerability has minimal real-world exploitation probability despite public disclosure.
SQL injection in code-projects Online Event Judging System 1.0 allows authenticated remote attackers to manipulate the contestant_id parameter in /edit_contestant.php, resulting in limited confidentiality, integrity, and availability impact. Exploit code is publicly available, but the low EPSS score (0.03%) suggests the vulnerability poses minimal real-world risk.
SQL injection in code-projects Online Event Judging System 1.0 allows authenticated remote attackers to manipulate database queries via the fullname parameter in /add_contestant.php, with limited data access. Real-world risk is low despite public exploit availability, because exploitation requires valid user authentication and produces only limited information disclosure (CVSS 2.1, EPSS 0.03%). Organizations running this application should still apply fixes promptly to eliminate the attack vector entirely.
SQL injection in code-projects Online Event Judging System 1.0 allows authenticated remote attackers to manipulate the fullname parameter in /add_judge.php, enabling limited data extraction with low confidentiality impact. The CVSS 2.1 score reflects the authentication requirement and bounded scope. Publicly available exploit code exists, but the 0.03% EPSS percentile indicates minimal real-world exploitation probability.
SQL injection in code-projects Online Event Judging System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the content parameter in /ajax/action.php, resulting in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the EPSS score (0.03%) suggests minimal real-world exploitation. The vulnerability requires prior authentication, significantly limiting the practical attack surface.