Projectworlds Online Examination System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Projectworlds Online Examination System.
By the Year
In 2025 there have been 3 vulnerabilities in Projectworlds Online Examination System with an average score of 9.8 out of ten. Last year, in 2024 Online Examination System had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2025 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 9.80 |
| 2024 | 1 | 9.80 |
| 2023 | 16 | 7.99 |
| 2022 | 2 | 7.95 |
It may take a day or so for new Online Examination System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Projectworlds Online Examination System Security Vulnerabilities
Critical SQLi in projectworlds OES 1.0 via /Procedure3b_visit.php
CVE-2025-4706
9.8 - Critical
- May 15, 2025
A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Projectworlds Online Exam Sys 1.0 SQLi via Bloodgroop_process.php Pat_BloodGroup1
CVE-2025-4058
9.8 - Critical
- April 29, 2025
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
CVE-2025-4034: SQL Injection in projectworlds OES 1.0 via Doc_ID
CVE-2025-4034
9.8 - Critical
- April 28, 2025
A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in Projectworlds Online Exam System v1.0 feed.php subject
CVE-2024-42843
9.8 - Critical
- August 15, 2024
Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.
SQL Injection
CVE-2023-45126: Duplicate Vulnerability Claim
CVE-2023-45126
- December 21, 2023
Rejected reason: It is a duplicate.
Unknown CVE duplicate - CVE-2023-45124
CVE-2023-45124
- December 21, 2023
Rejected reason: It is a duplicate.
Duplicate CVE-2023-45125: Rejected as Duplicate
CVE-2023-45125
- December 21, 2023
Rejected reason: It is a duplicate.
Duplicate CVE-2023-45127 No New Info
CVE-2023-45127
- December 21, 2023
Rejected reason: It is a duplicate.
Authenticated SQLi in Online Examination System v1.0 /update.php?desc
CVE-2023-45121
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Authenticated SQLi in Online Exam System v1.0 via qid in /update.php
CVE-2023-45120
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
CVE-2023-45123 Duplicate: Rejected Entry
CVE-2023-45123
- December 21, 2023
Rejected reason: It is a duplicate.
Duplicate CVE-2023-45122
CVE-2023-45122
- December 21, 2023
Rejected reason: It is a duplicate.
Online Exam System v1.0 Authenticated SQLi in /update.php
CVE-2023-45116
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Online Examination System v1.0 Auth SQLi via /update.php?q=addqns (ch param)
CVE-2023-45115
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Online Examination System 1.0: Auth SQLi via /update.php?q=rmquiz (eid)
CVE-2023-45117
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Online Examination System v1.0 Authenticated SQLi via fdid on /update.php
CVE-2023-45118
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Authenticated SQL Injection in Online Examination System v1.0 (PHP)
CVE-2023-45119
8.8 - High
- December 21, 2023
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Open Redirect in Online Examination System 1.0 feed.php (q param)
CVE-2023-45202
6.1 - Medium
- November 01, 2023
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Open Redirect
Online Examination System v1.0 Open Redirect via login.php 'q' param
CVE-2023-45203
6.1 - Medium
- November 01, 2023
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Open Redirect
Open Redirect in Online Examination System v1.0 admin.php (q param)
CVE-2023-45201
6.1 - Medium
- November 01, 2023
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Open Redirect
Online Examination System version 1.0 suffers from a cross site scripting vulnerability
CVE-2022-42066
6.1 - Medium
- October 14, 2022
Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.
XSS
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0
CVE-2021-46307
9.8 - Critical
- January 21, 2022
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Projectworlds Online Examination System or by Projectworlds? Click the Watch button to subscribe.
