VDB-258036 · CVE-2024-2945 · GCVE-100-258036

Campcodes Online Examination System 1.0 updateExaminee.php ID Enlakaat SQL

Ur gwallzarvoud renket evel kritikel zo bet kavet e Campcodes Online Examination System 1.0. Toc'hor eo ur fonksion dianav eus ar restr /adminpanel/admin/facebox_modal/updateExaminee.php. Ar c'hemmadur eus an arguzenn ID a gas da Enlakaat SQL. Arverañ CWE evit embann ar gudenn a gas da CWE-89. Ar gwallgornad zo bet embannet 26/03/2024. An aliadenn a zo rannet evit pellgargañ war github.com. Ar breskder-se a vez gwerzhet dindan an anv CVE-2024-2945. Posupl eo kregiñ gant an dagadenn a-bell. Emaez ez eus titouroù teknikel. Atav, ur mod da implijout an dra-se a zo. An diskoulm zo bet embannet d'ar boblañs ha gallout a ra bezañ implijet. Bremañ eo priz an exploit might be approx. USD $0-$5k evit ar mare-mañ. Disklêriet eo evel test-kas ouzhpenn. Posupl eo pellgargañ an exploit e github.com. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 Daskemmoù · 96 Poentoù roadennoù

Maez	Krouet 26/03/2024 17:35	Hizivadur 1/3 05/05/2024 09:27	Hizivadur 2/3 05/05/2024 09:31	Hizivadur 3/3 21/02/2025 20:16
software_vendor	Campcodes	Campcodes	Campcodes	Campcodes
software_name	Online Examination System	Online Examination System	Online Examination System	Online Examination System
software_version	1.0	1.0	1.0	1.0
software_file	/adminpanel/admin/facebox_modal/updateExaminee.php	/adminpanel/admin/facebox_modal/updateExaminee.php	/adminpanel/admin/facebox_modal/updateExaminee.php	/adminpanel/admin/facebox_modal/updateExaminee.php
software_argument	id	id	id	id
vulnerability_cwe	CWE-89 (Enlakaat SQL)	CWE-89 (Enlakaat SQL)	CWE-89 (Enlakaat SQL)	CWE-89 (Enlakaat SQL)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf
source_cve	CVE-2024-2945	CVE-2024-2945	CVE-2024-2945	CVE-2024-2945
cna_responsible	VulDB	VulDB	VulDB	VulDB
advisory_date	1711407600 (26/03/2024)	1711407600 (26/03/2024)	1711407600 (26/03/2024)	1711407600 (26/03/2024)
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	6.4
cvss3_meta_tempscore	5.7	5.7	6.0	6.2
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1711407600 (26/03/2024)	1711407600 (26/03/2024)	1711407600 (26/03/2024)
cve_nvd_summary		A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.	A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.	A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.
cvss2_nvd_au			S	S
cvss2_nvd_ci			P	P
cvss2_nvd_ii			P	P
cvss2_nvd_ai			P	P
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cve_cna			VulDB	VulDB
cvss2_nvd_basescore			6.5	6.5
cvss3_cna_basescore			6.3	6.3
cvss2_nvd_av			N	N
cvss2_nvd_ac			L	L
cve_nvd_summaryes				Se encontró una vulnerabilidad en Campcodes Online Examination System 1.0. Ha sido clasificada como crítica. Una función desconocida del archivo /adminpanel/admin/facebox_modal/updateExaminee.php es afectada por esta vulnerabilidad. La manipulación del argumento id conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-258036.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				N
cvss3_nvd_a				N
cvss3_nvd_basescore				6.5
cvss2_cna_av				N
cvss2_cna_ac				L
cvss2_cna_au				S
cvss2_cna_ci				P
cvss2_cna_ii				P
cvss2_cna_ai				P
cvss2_cna_basescore				6.5

◂ Distreiñ Alc'hwezerezh Kenderc'hel ▸