CVE-2018-18757

CRITICAL

Open Faculty Evaluation System - SQL Injection

Title source: rule

Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

CVSS v3 9.8

EPSS 0.0069

EPSS Percentile 72.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Status published

Products (1)

open_faculty_evaluation_system_project/open_faculty_evaluation_system 5.6

Published Jun 19, 2019

Tracked Since Feb 18, 2026