Kashipara Online Exam System SQL Injection Vulnerability in Profile Update Page

Vulnerability

A SQL injection vulnerability has been identified in the profile update page of Kashipara Online Exam System version 1.0. This vulnerability allows remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized database access. The injection can be performed via the rname, rcollage, rnumber, rgender, and rpassword parameters in a POST HTTP request.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, which could be used to manipulate the database or access sensitive information.

Added: Jan 12, 2026, 8:18 PM

Updated: Jan 12, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kashipara Online Exam System SQL Injection Vulnerability in Profile Update Page

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating