1. PostgreSQL Function Flaw Enables Students to Forge Fake Mock Exam Sessions, Bypass Time Limits
A critical access control flaw in the `start_quiz_session` PostgreSQL function permits students to bypass exam integrity safeguards by injecting the `mock_exam` mode parameter. The function writes `p_mode` directly into `quiz_sessions.mode` without validating the mode against caller privileges, creating exam records th...
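
A hardened form of `start_quiz_session` that checks `p_mode` against the caller's privileges before writing `quiz_sessions.mode`, as an added example and not the affected project's own code. Assumptions not on the page: the table layout, the `practice` mode, an existing `exam_proctor` role, a `SECURITY DEFINER` function, and callers connecting as their own database role.

```sql
-- Added example. Table layout, 'practice' and exam_proctor are assumptions.
CREATE TABLE IF NOT EXISTS quiz_sessions (
    id         bigserial   PRIMARY KEY,
    student    text        NOT NULL,
    mode       text        NOT NULL,
    started_at timestamptz NOT NULL DEFAULT now(),
    -- Defence in depth: the column itself rejects unknown modes.
    CONSTRAINT quiz_sessions_mode_known
        CHECK (mode IN ('practice', 'mock_exam'))
);

CREATE OR REPLACE FUNCTION start_quiz_session(p_mode text)
RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public, pg_temp   -- pin lookup order for definer rights
AS $$
DECLARE
    v_id bigint;
BEGIN
    -- Reject anything outside the known set before touching the table.
    IF p_mode IS NULL OR p_mode NOT IN ('practice', 'mock_exam') THEN
        RAISE EXCEPTION 'unknown quiz mode'
            USING ERRCODE = 'invalid_parameter_value';
    END IF;

    -- Privileged mode. session_user is the connecting role; current_user
    -- would be the function owner under SECURITY DEFINER.
    IF p_mode = 'mock_exam'
       AND NOT pg_has_role(session_user, 'exam_proctor', 'MEMBER') THEN
        RAISE EXCEPTION 'mode % not permitted for %', p_mode, session_user
            USING ERRCODE = 'insufficient_privilege';
    END IF;

    -- The caller identity comes from the session, never from a parameter.
    INSERT INTO quiz_sessions (student, mode)
    VALUES (session_user::text, p_mode)
    RETURNING id INTO v_id;
    RETURN v_id;
END;
$$;

-- Functions are executable by PUBLIC by default; remove that, then grant
-- EXECUTE only to the roles the application actually uses.
REVOKE ALL ON FUNCTION start_quiz_session(text) FROM PUBLIC;
```

Rejected calls surface as SQLSTATE `42501`, which gives monitoring a stable value to alert on when a non-proctor role requests `mock_exam`.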