Online Grading System 1.0 SQLi

by Vince

Disclosure date: 10/23/19

CVE-2019-18344

Online Grading System is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, and user parameters.


Online Grading System 1.0 CSRF

by Vince

Disclosure date: 10/22/19

CVE-2019-18280

Online Grading System 1.0 is affected by a Cross-Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.


MazeRunner Responder Monitor

by Vince

"Cymmetria’s MazeRunner platform lets you dominate an attacker’s movements from the very beginning and lead them to a monitored deception network."

I really like this product but after my first installation, I felt like I sort of rushed the process and I wanted to start over again.  With a fresh install, I headed over to the Responder monitor.  For those of you unfamiliar with Responder.py, it's wicked fun if you're an attacker, and not so much fun if you're a defender.
