Unauthenticated SQL Injection Vulnerability in Sourcecodester Online Grading System 1.0

Unauthenticated SQL Injection Vulnerability in Sourcecodester Online Grading System 1.0

CVE-2019-18344 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.