← volver
CVE-2025-51567

CVE-2025-51567

CVSS 9.1 CRITICALEPSS 0.4%CWE-89
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Online%20Exam%20System/SQL%20Injection-Profile%20Update.pdf