This page lists publicly disclosed CVE vulnerabilities affecting jayesh online_exam_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-51567 | A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request. | [email protected] | 9.1 | 0.06% | 2026-01-12 | 2026-01-16 |
| CVE-2024-40480 | A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | [email protected] | 9.8 | 0.90% | 2024-08-12 | 2025-03-14 |
| CVE-2024-40479 | A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | [email protected] | 8.1 | 0.17% | 2024-08-12 | 2025-11-19 |
| CVE-2024-40478 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | [email protected] | 5.4 | 0.42% | 2024-08-12 | 2025-03-13 |