Primary

Context

Code-Projects Question Paper Generator SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Question Paper Generator versions through 1.0. The issue arises in the file selectquestionuser.php, where the subid parameter is manipulated, allowing for the injection of arbitrary SQL commands. This vulnerability can be exploited remotely, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary SQL code execution, which could lead to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a POST request to /exam/selectquestionuser.php with a crafted subid parameter that includes SQL injection payloads, such as UNION SELECT statements. The injected SQL will be executed by the database, demonstrating the SQL injection flaw.

Added: Dec 7, 2025, 10:17 PM

Updated: Dec 7, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Question Paper Generator SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating