Vendor
high
advisory
CVE-2017-20257: Joomla! Component Quiz Deluxe SQL Injection
2 rules 3 TTPs 1 CVEAn unauthenticated SQL injection vulnerability (CVE-2017-20257) in Joomla! Component Quiz Deluxe 3.7.4 allows attackers to execute arbitrary SQL commands and extract sensitive information via the `ajaxaction.flag_question` task using `stu_quiz_id` or `flag_quest` parameters.
Quiz Deluxe 3.7.4
sql-injection
web-application
joomla
cve
data-exfiltration
2r
3t
1c
high
advisory
CVE-2017-20256 - Joomla Survey Force Deluxe SQL Injection Vulnerability
2 rules 3 TTPsCVE-2017-20256 describes an SQL injection vulnerability in Joomla Survey Force Deluxe 3.2.4 that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'invite' parameter in GET requests, enabling the extraction of sensitive database information.
Survey Force Deluxe 3.2.4
sql-injection
joomla
web-application
vulnerability
cve
2r
3t