Primary

Context

Testa Online Test Management System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Testa Online Test Management System version 3.4.7. This vulnerability allows attackers to manipulate database queries by injecting malicious SQL code through the 'q' search parameter. Exploitation of this vulnerability could lead to unauthorized access to database information, including sensitive user or system data.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries and access or modify database information. This could include extracting sensitive user or system data from the database.

Reproduction

To reproduce this vulnerability, log into the Testa Online Test Management System version 3.4.7. Navigate to the 'List And Search Exams' section. In the search field, inject a SQL payload, such as a UNION SELECT statement, to manipulate the database query and extract information.

Added: Jan 27, 2026, 4:44 PM

Updated: Jan 27, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

9.7

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

9.7

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Testa Online Test Management System SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Testa Online Test Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating