Description

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability.

Related CPE's

a

oretnom23

simple_realtime_quiz_system

1.0

Vulnerable

References

https://gist.github.com/topsky979/9bcb8b09acce0d5a8a453dfd5093881d

Exploit

https://vuldb.com/?ctiid.273357

Permissions Required

https://vuldb.com/?id.273357

Third Party Advisory

https://vuldb.com/?submit.383521

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-08-02T00:15:49.667

11 months ago

Last modified

2024-08-07T18:45:29.873

11 months ago