CVE-2025-15140

216.73.216.36

· Published 28/12/2025 15:15 · Modified 29/12/2025 15:57

Labels: CVE-2025-15140 2025-12-28 CVE-2025-15140 CWE-74 [email protected]

Essential information

Published: 28/12/2025 15:15
Modified: 29/12/2025 15:57
Author: —
Creator: —
CVSS: 6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
saiftheboss7 / onlinemcqexam	`cpe:2.3:a:saiftheboss7:onlinemcqexam::::::::`