CVE-2020-37057

HIGH

Online-Exam-System 2015 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37057. PoCs published by Berk Dusunur.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in the Online-Exam-System 2015 via the 'fid' parameter. The PoC shows how an attacker can inject malicious SQL queries to manipulate the database query.

Description

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.

Exploits (1)

exploitdb WORKING POC
by Berk Dusunur · text · webapps · php
https://www.exploit-db.com/exploits/48529

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Online-Exam-System 2015
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.2
EPSS: 0.0050
EPSS Percentile: 38.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1)
sunnygkp10/online-exam-system- 2015
Published: Jan 30, 2026
Tracked Since: Feb 18, 2026