Projectworlds Online Examination System 1.0
Approved changes feed: RSS · Atom
cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*
part: a version: 1.0 update: *
| Vendor | Projectworlds (1c49ba31-3767-5ff6-9610-c6dcb2aee835) |
|---|---|
| Product | Online Examination System (495971d3-90de-585b-ad4e-4d95e46556d6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/projectworldsofficial/online-examination-systen-in-php |
purl2cpe | 2026-06-01 10:16:18.483825 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-4706 |
vulnerable | 2026-06-03 15:01:48.596351 |
projectworlds Online Examination System Procedure3b_yearwiseVisit.php sql injection
HIGH (7.3)
A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-05-15T16:31:04.462Z
Updated: 2025-05-15T19:48:51.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4058 |
vulnerable | 2026-06-03 15:01:46.661588 |
Projectworlds Online Examination System Bloodgroop_process.php sql injection
HIGH (7.3)
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-04-29T11:31:03.566Z
Updated: 2025-04-29T13:20:17.241Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4034 |
vulnerable | 2026-06-03 15:01:46.571323 |
projectworlds Online Examination System inser_doc_process.php sql injection
HIGH (7.3)
A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-04-28T19:31:03.828Z
Updated: 2025-04-28T21:54:07.063Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42843 |
vulnerable | 2026-06-03 14:56:43.015818 |
Details available
Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.
Published: 2024-08-15T00:00:00.000Z
Updated: 2024-08-19T18:36:07.165Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45203 |
vulnerable | 2026-06-03 14:53:07.723078 |
Online Examination System v1.0 - Multiple Open Redirects
MEDIUM (6.1)
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Published: 2023-11-01T22:11:49.439Z
Updated: 2024-09-05T14:36:18.483Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45202 |
vulnerable | 2026-06-03 14:53:07.722745 |
Online Examination System v1.0 - Multiple Open Redirects
MEDIUM (6.1)
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Published: 2023-11-01T22:02:45.250Z
Updated: 2024-09-05T14:36:41.811Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45201 |
vulnerable | 2026-06-03 14:53:07.722385 |
Online Examination System v1.0 - Multiple Open Redirects
MEDIUM (6.1)
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Published: 2023-11-01T21:53:07.852Z
Updated: 2024-09-05T14:37:05.731Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45121 |
vulnerable | 2026-06-03 14:53:07.567978 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T16:23:47.795Z
Updated: 2025-05-19T14:11:21.801Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45120 |
vulnerable | 2026-06-03 14:53:07.567710 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T16:21:38.806Z
Updated: 2025-05-19T14:11:02.286Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45119 |
vulnerable | 2026-06-03 14:53:07.567347 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T16:03:38.226Z
Updated: 2025-05-19T14:10:27.422Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45118 |
vulnerable | 2026-06-03 14:53:07.567062 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T15:51:50.440Z
Updated: 2025-05-19T14:10:01.595Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45117 |
vulnerable | 2026-06-03 14:53:07.566779 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T15:47:00.234Z
Updated: 2025-05-19T14:09:43.559Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45116 |
vulnerable | 2026-06-03 14:53:07.566344 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T15:42:37.992Z
Updated: 2025-05-19T14:09:12.616Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45115 |
vulnerable | 2026-06-03 14:53:07.565883 |
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)
HIGH (8.8)
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-12-21T15:36:52.752Z
Updated: 2025-05-21T14:10:51.475Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-42066 |
vulnerable | 2026-06-03 14:48:12.065887 |
Details available
Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.
Published: 2022-10-14T00:00:00.000Z
Updated: 2025-05-14T15:29:46.102Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-46307 |
vulnerable | 2026-06-03 14:45:44.513170 |
Details available
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.
Published: 2022-01-21T15:59:56.000Z
Updated: 2024-08-04T05:02:11.507Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.