Online Quiz Maker 1.0 SQL Injection Vulnerability (CVE-2018-25207)
Online Quiz Maker 1.0 is vulnerable to SQL injection via the catid and usern parameters, allowing authenticated attackers to execute arbitrary SQL commands by submitting malicious POST requests to quiz-system.php or add-category.php.
Online Quiz Maker 1.0 is susceptible to SQL injection vulnerabilities, specifically identified as CVE-2018-25207. The vulnerability resides in the catid and usern parameters, which can be exploited by an authenticated attacker to inject arbitrary SQL commands. The attack vector involves crafting malicious POST requests to either quiz-system.php or add-category.php. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data stored in the database…
Detection coverage: 2
SQL Injection in Online Quiz Maker
high: Detects potential SQL injection attempts in Online Quiz Maker via POST requests to quiz-system.php or add-category.php
Detecting SQL Injection Attempts via URI Containing Common SQL Keywords
medium: Detects SQL injection attempts by looking for common SQL keywords in the URI.
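The two detections described above can be sketched as follows. This is an added example, not the platform's own rules: the record layout (`method`, `uri`, `body`), the regex patterns, the `/quiz/` paths and `index.php` are assumptions, and it presumes POST bodies are captured by a proxy or WAF log.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

TARGET_PATHS = ("quiz-system.php", "add-category.php")  # scripts named in the advisory
TARGET_PARAMS = ("catid", "usern")                       # parameters named in the advisory

# Heuristic patterns (assumptions, tune against your own traffic).
SQL_KEYWORDS = re.compile(
    r"\bunion\b.+\bselect\b|\bselect\b.+\bfrom\b|\b(?:sleep|benchmark)\s*\("
    r"|\binformation_schema\b|\bor\b\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)
SQL_META = re.compile(r"['\"]|--|/\*|;")

def classify(event):
    """Return 'high', 'medium' or None for one request record (a dict with
    'method', 'uri' and, for POSTs, the form-encoded 'body')."""
    parts = urlsplit(event["uri"])
    # Rule 1 (high): POST to an affected script with a suspicious catid/usern.
    if event["method"].upper() == "POST" and parts.path.lower().endswith(TARGET_PATHS):
        form = parse_qs(event.get("body", ""), keep_blank_values=True)
        for name in TARGET_PARAMS:
            for value in form.get(name, []):
                if SQL_META.search(value) or SQL_KEYWORDS.search(value):
                    return "high"
    # Rule 2 (medium): common SQL keywords in the URI of any request.
    if SQL_KEYWORDS.search(unquote_plus(parts.query)):
        return "medium"
    return None

def scan(events):
    """Return (severity, uri) for every event that matches a rule."""
    return [(sev, e["uri"]) for e in events if (sev := classify(e))]

# Constructed sample records, not taken from real traffic; paths are hypothetical.
SAMPLE_EVENTS = [
    {"method": "POST", "uri": "/quiz/quiz-system.php", "body": "catid=3&usern=alice"},
    {"method": "POST", "uri": "/quiz/add-category.php", "body": "catid=1%27+OR+1%3D1--+&usern=bob"},
    {"method": "POST", "uri": "/quiz/quiz-system.php", "body": "catid=3&usern=alice&note=it%27s+fine"},
    {"method": "GET", "uri": "/quiz/index.php?id=1+UNION+SELECT+1,2"},
    {"method": "GET", "uri": "/quiz/index.php?page=2"},
]

if __name__ == "__main__":
    for severity, uri in scan(SAMPLE_EVENTS):
        print(severity, uri)
```

Rule 1 inspects only `catid` and `usern`, so an apostrophe in an unrelated field does not alert, while a legitimate user name containing a quote will; treat hits as leads to triage rather than confirmed exploitation.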
Indicators of compromise: 4 (type: url)