vendor:
PHP-MySQL-Quiz
by:
Hussin X
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-MySQL-Quiz
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:widgetmonkey:php-mysql-quiz
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
PHP-MySQL-Quiz SQL Injection Vulnerability
The vulnerability exists due to insufficient sanitization of user-supplied input in the "id" parameter of the "editquiz.php" script. A remote attacker can execute arbitrary SQL commands in the application's database, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, etc.
Mitigation:
Update to version 1.2 or later.