AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2019-18344: Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers t

criticalvulnerability

security

Source: NVD/CVE DatabaseOctober 23, 2019CVE-2019-18344

Summary

Sourcecodester Online Grading System version 1.0 has a critical security flaw called SQL injection (a technique where attackers insert malicious database commands into user inputs). Attackers can exploit this vulnerability without needing to log in by targeting specific input fields like student ID or class ID, allowing them to run unauthorized commands on the system's database.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.6%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-89

CAPEC (Attack Pattern)

CAPEC-66

Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-18344

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%