Online Exam System

online_exam_system

Vendor: Jayesh • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-51567 1Jayesh 1Online Exam System Jan 16, 2026 Jan 12, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollag...Show more A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.Show less
CVE-2024-40480 1Jayesh 1Online Exam System Mar 14, 2025 Aug 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete...Show more A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.Show less
CVE-2024-40479 1Jayesh 1Online Exam System Nov 19, 2025 Aug 12, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.
CVE-2024-40478 1Jayesh 1Online Exam System Mar 13, 2025 Aug 12, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields