CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 SQL Injection

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Joomplace · Quiz Deluxe

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/42589unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://joomplace.com/https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/https://www.exploit-db.com/exploits/42589 https://www.vulncheck.com/advisories/joomla-component-quiz-deluxe-sql-injection