CVE-2017-17622
CRITICALOnline Exam Test Application Script 1.6 - SQL Injection via exams.php sort parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-17622. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Online Exam Test Application Script 1.6 via the 'sort' parameter in exams.php. It includes payloads for UNION-based and boolean-based blind SQL injection to extract table names from the database.
Description
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/43291
This exploit demonstrates a SQL injection vulnerability in Online Exam Test Application Script 1.6 via the 'sort' parameter in exams.php. It includes payloads for UNION-based and boolean-based blind SQL injection to extract table names from the database.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Online Exam Test Application Script 1.6
No auth needed
Prerequisites:
Access to the vulnerable exams.php endpoint
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/145329/Online-Exam-Test-Application-Script-1.6-SQL-Injection.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/145334/Online-Exam-Test-Application-Script-1.6-SQL-Injection.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43291/
Scores
CVSS v3
9.8
EPSS
0.0362
EPSS Percentile
88.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
online_exam_test_application_script_project/online_exam_test_application_script
1.6
Published
Dec 13, 2017
Tracked Since
Feb 18, 2026