CVE-2020-37051
HIGH 8.2
Description
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
CVE Details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/30/2026
Last modified: 3/12/2026
Source: nvd
Honeypot sightings: 0
Affected products
sunnygkp10:online-exam-system-
Weaknesses (CWE)
CWE-89
References
https://github.com/sunnygkp10/Online-Exam-System-.git (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48560 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/online-exam-system-feedback-sql-injection (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.