A student from the Chinhoyi University of Technology was able to gain access into the university’s database using a technique called SQL-injection. Upon gaining access he proceeded to change his own results in order to make them more appealing. He wasn’t content to do end there though.
According to authorities, the said student the proceeded to change results for seven other students from the University charging steep USD prices for the privilege. It’s not clear what his pricing model was but students had to pay between $20-$80 USD to have their results altered.
Students who had failed courses such as financial management, commercial law, computer organisation and architecture and ironically operating systems among others had their grades changed to passing ones. The student also altered his grade in a course he had failed back in December 2018. The university was so unware, it allowed the 20-year-old culprit to continue with his studies.
It’s not yet clear how the matter came to light but the university has since discovered the alterations and hopefully corrected them. The student used a free and open-source software known as SQLMap to find vulnerabilities in the exam software used by the school and these will have to be patched.
