

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL comman…
Published: 11 January 2026 at 23:00:00
Alert date: 12 January 2026 at 22:01:09
Source: nvd.nist.gov
Web Technologies, Database & Storage
A SQL injection vulnerability has been discovered in the Kashipara Online Exam System V1.0, specifically in the /exam/user/profile.php page. The vulnerability allows remote attackers to execute arbitrary SQL commands and gain unauthorized database access. The attack vector involves manipulating multiple parameters (rname, rcollage, rnumber, rgender, rpassword) through POST HTTP requests. This vulnerability affects the user profile update functionality and could lead to complete database compromise. The issue has been assigned CVE-2025-51567 and represents a critical security flaw in the educational software platform.
Affected products: Kashipara Online Exam System
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-51567
https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Online%20Exam%20System/SQL%20Injection-Profile%20Update.pdf
This article was created with the assistance of AI technology by Perceptive.

