CVE-2025-15140

HIGH

saiftheboss7 onlinemcqexam <0e56806132971e49721db3ef01868098c7b42ad...

Title source: llm

Description

A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.338518

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.338518

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.715219

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.715463

Issue Tracking exploit issue-tracking

https://github.com/Anti1i/cve/issues/4

Scores

CVSS v3 7.3

EPSS 0.0026

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

saiftheboss7/onlinemcqexam 0e56806132971e49721db3ef01868098c7b42ada

Published Dec 28, 2025

Tracked Since Feb 18, 2026