A high-severity vulnerability has been identified in multiple Examination products, specifically affecting the Online Examination System. An attacker could exploit this flaw over the network without authentication to access, modify, or delete sensitive data within the system's database, potentially compromising student information, exam questions, and results. Organizations using the affected software are at significant risk of a data breach and should apply vendor-supplied security updates immediately.

The vulnerability is a SQL Injection flaw within the Online Examination System. An unauthenticated remote attacker can exploit this by sending specially crafted SQL statements to the application, likely through user-input fields such as a login form or search parameter. Because the application does not properly sanitize this input, the malicious queries are executed directly against the backend database, allowing the attacker to bypass authentication controls, exfiltrate sensitive data, modify records (e.g., change grades), or delete information from the database.

This vulnerability is rated as High severity with a CVSS score of 7.3. Successful exploitation could lead to severe consequences for the organization, including unauthorized access to and exfiltration of sensitive Personally Identifiable Information (PII) of students and faculty, compromising the academic integrity of the examination process through data manipulation, and potential denial of service. The specific risks include significant reputational damage, loss of trust from users, potential regulatory fines for data breaches, and the operational cost of incident response and recovery.

Immediate Action: Apply the security updates released by the vendor immediately across all affected systems. Prioritize patching for systems that are publicly accessible via the internet. After patching, monitor systems for any signs of post-patch exploitation attempts and review historical access logs for indicators of compromise that may have occurred prior to remediation.

Proactive Monitoring: Implement enhanced monitoring of web server and database logs. Specifically, search for unusual or malformed SQL queries, a high volume of errors from the database, or multiple failed login attempts from a single IP address. Utilize a Web Application Firewall (WAF) to log and block common SQL injection attack patterns targeting the application.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attacks as a temporary mitigating control. Additionally, restrict network access to the application's administrative interfaces to only trusted IP addresses and ensure the database service account has the minimum necessary privileges to function (principle of least privilege).

Public Exploit Available: false

Given the high CVSS score of 7.3 and the risk of a severe data breach, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. While this vulnerability is not currently listed on the CISA KEV catalog, its high severity and potential for unauthenticated remote exploitation make it an attractive target for attackers. All affected systems, especially those exposed to the internet, should be patched immediately. If patching is delayed, the compensating controls outlined above should be implemented without delay to reduce the attack surface.