Skip to main content

Online Examination

2 CVEs product

Monthly

CVE-2026-14706 LOW POC Monitor

SQL injection in code-projects Online Examination 1.0 allows authenticated remote attackers to manipulate database queries through multiple unsanitized parameters in the Quiz Creation Feature. The endpoint /update.php?q=addquiz accepts user-supplied input for the name, total, right, wrong, time, tag, and desc arguments without adequate sanitization, enabling read and write access to the underlying database. A public proof-of-concept exploit exists on GitHub, though the application's extremely limited deployment footprint constrains real-world impact.

SQLi PHP Online Examination
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14705 MEDIUM POC This Month

SQL injection in code-projects Online Examination 1.0 exposes the login endpoint to unauthenticated remote attackers via the uname and password parameters in head.php. Manipulation of either parameter enables classic SQL injection, allowing database enumeration, authentication bypass, and potential data manipulation against any deployed instance. A public proof-of-concept exploit is available on GitHub (no public exploit identified as KEV), making weaponization trivial for low-skill attackers targeting this application.

SQLi PHP Online Examination
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in code-projects Online Examination 1.0 allows authenticated remote attackers to manipulate database queries through multiple unsanitized parameters in the Quiz Creation Feature. The endpoint /update.php?q=addquiz accepts user-supplied input for the name, total, right, wrong, time, tag, and desc arguments without adequate sanitization, enabling read and write access to the underlying database. A public proof-of-concept exploit exists on GitHub, though the application's extremely limited deployment footprint constrains real-world impact.

SQLi PHP Online Examination
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in code-projects Online Examination 1.0 exposes the login endpoint to unauthenticated remote attackers via the uname and password parameters in head.php. Manipulation of either parameter enables classic SQL injection, allowing database enumeration, authentication bypass, and potential data manipulation against any deployed instance. A public proof-of-concept exploit is available on GitHub (no public exploit identified as KEV), making weaponization trivial for low-skill attackers targeting this application.

SQLi PHP Online Examination
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy