CVE-2023-52285

17.01.2024, 08:15

ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter.

SQL Injection

Enginsight

Provider   Type   Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST       NIST   7.5 HIGH     NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre      CNA    ---          ---           ---               ---              ---
CVE        ADP    ---          ---           ---               ---              ---
CISA-ADP   ADP    7.5 HIGH     NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score
Percentile: 19%

Known Exploits
https://fh4ntke.medium.com/examsys-multiple-sql-injections-ef94d84e440c

Common Weakness Enumeration
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References
https://fh4ntke.medium.com/examsys-multiple-sql-injections-ef94d84e440c
https://github.com/lrx0014/ExamSys/commit/915024448428867f2228cf7f06abd1b6e65e9397