Title: campcodes Online Examination System ≤1.0 SQL injection Description: SQL injection vulnerability exists in pass parameter of /adminpanel/admin/query/loginExe.php file of Online Examination System. Important user data or system data may be leaked and system security may be compromised. The environment is secure and the information can be used by malicious users. Payload: pass='XOR(if(now()=sysdate(),sleep(15),0))XOR'Z Source: https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%200vuln%201.pdf User: SSL_Seven_Security_Lab_WangZhiQiang_XiaoZiLong Submission: 03/26/2024 03:45 PM Moderation: 03/26/2024 05:30 PM Status: Accepted VulDB entry: 258032 [Campcodes Online Examination System 1.0 loginExe.php pass sql injection] Points: 19