CVE-2019-18344

CRITICAL

Sourcecodester Online Grading System 1.0 - Unauthenticated SQL Injection via id or classid Parameter

Title source: llm
STIX 2.1

Description

Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.sevenlayers.com/index.php/262-online-grading-system-1-0-sqli

Scores

CVSS v3 9.8
EPSS 0.0136
EPSS Percentile 68.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
online_grading_system_project/online_grading_system 1.0
Published Oct 23, 2019
Tracked Since Feb 18, 2026