CVE-2020-37057

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/sunnygkp10/Online-Exam-System-.git	Product
https://www.exploit-db.com/exploits/48529	Exploit VDB Entry
https://www.vulncheck.com/advisories/online-exam-system-fid-sql-injection	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:sunnygkp10:online-exam-system-:2015:*:*:*:*:*:*:*

History

12 Mar 2026, 18:50

Type	Values Removed	Values Added
Summary		(es) Online-Exam-System 2015 contiene una vulnerabilidad de inyección SQL en el módulo de comentarios que permite a los atacantes manipular consultas de base de datos a través del parámetro 'fid'. Los atacantes pueden inyectar código SQL malicioso en el parámetro 'fid' para potencialmente extraer, modificar o eliminar información de la base de datos.
References	~~() https://github.com/sunnygkp10/Online-Exam-System-.git -~~	() https://github.com/sunnygkp10/Online-Exam-System-.git - Product
References	~~() https://www.exploit-db.com/exploits/48529 -~~	() https://www.exploit-db.com/exploits/48529 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/online-exam-system-fid-sql-injection -~~	() https://www.vulncheck.com/advisories/online-exam-system-fid-sql-injection - Broken Link
CPE		cpe:2.3:a:sunnygkp10:online-exam-system-:2015:::::::*
First Time		Sunnygkp10 Sunnygkp10 online-exam-system-

30 Jan 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-30 23:16

Updated : 2026-03-12 18:50

NVD link : CVE-2020-37057

Mitre link : CVE-2020-37057

CVE.ORG link : CVE-2020-37057

JSON object : View

Products Affected

sunnygkp10

online-exam-system-

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2020-37057", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-30T23:16:11.803", "references": [{"url": "https://github.com/sunnygkp10/Online-Exam-System-.git", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48529", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/online-exam-system-fid-sql-injection", "tags": ["Broken Link"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information."}, {"lang": "es", "value": "Online-Exam-System 2015 contiene una vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo de comentarios que permite a los atacantes manipular consultas de base de datos a trav\u00e9s del par\u00e1metro 'fid'. Los atacantes pueden inyectar c\u00f3digo SQL malicioso en el par\u00e1metro 'fid' para potencialmente extraer, modificar o eliminar informaci\u00f3n de la base de datos."}], "lastModified": "2026-03-12T18:50:06.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sunnygkp10:online-exam-system-:2015:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A6D385-B814-44B5-A1D0-D02F95F255F2"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}