Lucene search

[email protected]CVE-2023-45201

HistoryNov 01, 2023 - 10:15 p.m.

CVE-2023-45201

2023-11-0122:15:08

CWE-601

[email protected]

web.nvd.nist.gov

cve-2023-45201

online examination system

open redirect

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The ‘q’ parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

Affected configurations

NVD

Node

projectworldsonline_examination_systemMatch1.0

CPENameOperatorVersion
projectworlds:online_examination_systemprojectworlds online examination systemeq1.0

CPE	Name	Operator	Version
projectworlds:online_examination_system	projectworlds online examination system	eq	1.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Online Examination System",
    "vendor": "Projectworlds Pvt. Limited",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/uchida

projectworlds.in/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-45201

cvelist1 nvd1 prion1