cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10353,https://securityvulnerability.io/vulnerability/CVE-2024-10353,Improper Access Control Vulnerability in SourceCodester Online Exam System,"An improper access control vulnerability has been identified in the SourceCodester Online Exam System 1.0. This weakness resides in an unknown function within the /admin-dashboard file, allowing unauthenticated users to gain access to restricted functionalities. As the vulnerability can be exploited remotely, it poses a high risk to systems using this software version. The public disclosure of the exploit amplifies the urgency for organizations to implement immediate measures to secure their installations. It is critical for users to review their security configurations and apply necessary patches or updates to safeguard against potential breaches.",Sourcecodester,Online Exam System,7.2,HIGH,0.00203999993391335,false,,false,false,true,2024-10-24T23:15:00.000Z,true,false,false,,2024-10-25T00:15:00.000Z,0
CVE-2023-2771,https://securityvulnerability.io/vulnerability/CVE-2023-2771,SourceCodester Online Exam System data sql injection,"A significant vulnerability has been uncovered within the SourceCodester Online Exam System version 1.0, centered on the inadequate handling of parameters in the /jurusanmatkul/data file. Specifically, an attacker can manipulate the arguments, particularly columns[1][data], to execute SQL injection attacks. This vulnerability allows remote exploitation, potentially leading to unauthorized access to sensitive data. Public disclosure of the exploit has raised concerns about its active use in the wild, making immediate remedial actions critical for affected users.",SourceCodester,Online Exam System,8.8,HIGH,0.003289999905973673,false,,false,false,false,,,false,false,,2023-05-17T19:15:00.000Z,0
CVE-2023-2770,https://securityvulnerability.io/vulnerability/CVE-2023-2770,SourceCodester Online Exam System data sql injection,"An SQL injection vulnerability exists in SourceCodester's Online Exam System 1.0, specifically within the /kelasdosen/data file. Malicious actors can exploit this flaw by manipulating the argument columns[1][data], allowing for unauthorized access to the underlying database. This manipulation can be performed remotely, making it a significant security concern. The potential for data leakage or corruption is high, as attackers can execute arbitrary SQL queries. Awareness of this vulnerability is crucial as its details have been made public, increasing the risk of exploitation.",SourceCodester,Online Exam System,8.8,HIGH,0.003289999905973673,false,,false,false,false,,,false,false,,2023-05-17T18:15:00.000Z,0
CVE-2023-2697,https://securityvulnerability.io/vulnerability/CVE-2023-2697,SourceCodester Online Exam System POST Parameter data sql injection,"A vulnerability has been identified in the SourceCodester Online Exam System 1.0, specifically within the POST Parameter Handler component. This issue occurs due to improper handling of user-supplied data in the argument columns[1][data] located in the file /jurusan/data. An attacker can exploit this vulnerability to perform SQL injection, allowing for unauthorized access to the database. This exploit can be executed remotely and has been publicly disclosed, highlighting the urgency for affected users to secure their systems against potential attacks.",SourceCodester,Online Exam System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-14T12:15:00.000Z,0
CVE-2023-2695,https://securityvulnerability.io/vulnerability/CVE-2023-2695,SourceCodester Online Exam System POST Parameter data sql injection,"A vulnerability discovered in SourceCodester's Online Exam System version 1.0 allows for SQL injection through the POST Parameter Handler component. Specifically, the manipulation of the 'columns[1][data]' argument can lead to unauthorized access and manipulation of the database. This vulnerability can be exploited remotely, making it particularly concerning for users. With the potential for exploitation disclosed publicly, immediate attention to security patches and coding practices is essential for all affected users.",SourceCodester,Online Exam System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-14T11:15:00.000Z,0
CVE-2023-2696,https://securityvulnerability.io/vulnerability/CVE-2023-2696,SourceCodester Online Exam System POST Parameter data sql injection,"A vulnerability has been identified in the SourceCodester Online Exam System version 1.0, related to improper processing in the POST Parameter Handler. The flaw resides specifically in the handling of input data from the file '/matkul/data', where the manipulation of the argument 'columns[1][data]' can lead to SQL injection. This security weakness can be exploited remotely, potentially allowing attackers to gain unauthorized access to the underlying database and manipulate data at will. The public disclosure of this exploit increases the risk of attacks. It is crucial for users to evaluate their systems and apply mitigations promptly.",SourceCodester,Online Exam System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-14T11:15:00.000Z,0
CVE-2023-2694,https://securityvulnerability.io/vulnerability/CVE-2023-2694,SourceCodester Online Exam System POST Parameter data sql injection,A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228975.,Sourcecodester,Online Exam System,6.3,MEDIUM,0.007230000104755163,false,,false,false,false,,,false,false,,2023-05-14T10:15:00.000Z,0
CVE-2023-2693,https://securityvulnerability.io/vulnerability/CVE-2023-2693,SourceCodester Online Exam System POST Parameter data sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Online Exam System 1.0, specifically within the POST Parameter Handler of the file /mahasiswa/data. The vulnerability occurs due to improper handling of the argument columns[1][data], allowing attackers to manipulate SQL queries. This exploitation can be executed remotely, leading to unauthorized access and potential data breaches. Public disclosure of the exploit raises concerns about widespread malicious use. Immediate attention to secure the affected component is essential to prevent potential exploitation.",SourceCodester,Online Exam System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-14T09:15:00.000Z,0
CVE-2023-2642,https://securityvulnerability.io/vulnerability/CVE-2023-2642,SourceCodester Online Exam System GET Parameter updateCourse.php sql injection,"A vulnerability has been identified in SourceCodester's Online Exam System version 1.0, affecting the admin panel component responsible for handling GET parameters. This vulnerability allows attackers to manipulate the 'id' argument within the file adminpanel/admin/facebox_modal/updateCourse.php, leading to SQL injection attacks. Since exploitation can be performed remotely, it poses a significant risk to the security of systems that utilize this application. Public disclosure of this vulnerability has occurred, making effective mitigation strategies critical.",Sourcecodester,Online Exam System,6.3,MEDIUM,0.0026400000788271427,false,,false,false,true,2023-05-11T06:15:00.000Z,true,false,false,,2023-05-11T06:15:00.000Z,0
CVE-2022-2707,https://securityvulnerability.io/vulnerability/CVE-2022-2707,SourceCodester Online Class and Exam Scheduling System faculty_sched.php sql injection,"A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.",Sourcecodester,Online Class And Exam Scheduling System,9.8,CRITICAL,0.0026499999221414328,false,,false,false,false,,,false,false,,2022-08-08T12:50:42.000Z,0
CVE-2022-2706,https://securityvulnerability.io/vulnerability/CVE-2022-2706,SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection,"A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.",Sourcecodester,Online Class And Exam Scheduling System,9.8,CRITICAL,0.0026499999221414328,false,,false,false,false,,,false,false,,2022-08-08T12:50:37.000Z,0