top of page
perceptive_background_267k.jpg

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL comman…

Published:

11 januari 2026 om 23:00:00

Alert date:

12 januari 2026 om 22:01:09

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

A SQL injection vulnerability has been discovered in the Kashipara Online Exam System V1.0, specifically in the /exam/user/profile.php page. The vulnerability allows remote attackers to execute arbitrary SQL commands and gain unauthorized database access. The attack vector involves manipulating multiple parameters (rname, rcollage, rnumber, rgender, rpassword) through POST HTTP requests. This vulnerability affects the user profile update functionality and could lead to complete database compromise. The issue has been assigned CVE-2025-51567 and represents a critical security flaw in the educational software platform.

Technical details

Mitigation steps:

Affected products:

Kashipara Online Exam System

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-51567
https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Online%20Exam%20System/SQL%20Injection-Profile%20Update.pdf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page