CVE-2006-4978

2006-09-2501:00:00

mitre

www.cve.org

AI Score

8.5

Confidence

Low

EPSS

0.009

Percentile

82.8%

JSON

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

References

secunia.com/advisories/22015

securityreason.com/securityalert/1627

www.morx.org/phpquiz.txt

www.securityfocus.com/archive/1/446315/100/0/threaded

www.securityfocus.com/bid/20065

www.vupen.com/english/advisories/2006/3693

exchange.xforce.ibmcloud.com/vulnerabilities/28993

www.exploit-db.com/exploits/2376