{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2018-25207/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25207","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOnline Quiz Maker 1.0 is susceptible to SQL injection vulnerabilities, specifically identified as CVE-2018-25207. The vulnerability resides in the \u003ccode\u003ecatid\u003c/code\u003e and \u003ccode\u003eusern\u003c/code\u003e parameters, which can be exploited by an authenticated attacker to inject arbitrary SQL commands. The attack vector involves crafting malicious POST requests to either \u003ccode\u003equiz-system.php\u003c/code\u003e or \u003ccode\u003eadd-category.php\u003c/code\u003e. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data stored in the database…\u003c/p\u003e\n","date_modified":"2026-03-26T12:16:05Z","date_published":"2026-03-26T12:16:05Z","id":"/briefs/2026-03-online-quiz-maker-sqli/","summary":"Online Quiz Maker 1.0 is vulnerable to SQL injection via the catid and usern parameters, allowing authenticated attackers to execute arbitrary SQL commands by submitting malicious POST requests to quiz-system.php or add-category.php.","title":"Online Quiz Maker 1.0 SQL Injection Vulnerability (CVE-2018-25207)","url":"https://feed.craftedsignal.io/briefs/2026-03-online-quiz-maker-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2018-25207","version":"https://jsonfeed.org/version/1.1"}