CVE-2020-37051
HIGH 8.2
Description
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
CVE details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/30/2026
Last modified: 3/12/2026
Source: nvd
Honeypot sightings: 0
Affected products
sunnygkp10:online-exam-system-
Weaknesses (CWE)
CWE-89
References
https://github.com/sunnygkp10/Online-Exam-System-.git (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48560 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/online-exam-system-feedback-sql-injection (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.