Sunnygkp10 - Online-exam-system - HIGH - CVE-2020-37051. The Online-Exam-System 2015 features a time-based blind SQL injection vulnerability in its feedback form, particularly within the 'feed.php' endpoint. This flaw allows attackers to execute crafted malicious payloads that leverage time delays to systematically identify and extract user password hashes from the database. By exploiting this vulnerability, an attacker can gain unauthorized access to sensitive information, posing a significant risk to the integrity and confidentiality of user data. BADGES: 👾 EXPLOITED | 🟡 PoC | SecurityVulnerability.io