CVE-2006-4978 - Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote atta

CVE-2006-4978

Summary

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

References

http://secunia.com/advisories/22015
http://securityreason.com/securityalert/1627
http://www.morx.org/phpquiz.txt
http://www.securityfocus.com/archive/1/446315/100/0/threaded
http://www.securityfocus.com/bid/20065
http://www.vupen.com/english/advisories/2006/3693
https://exchange.xforce.ibmcloud.com/vulnerabilities/28993
https://www.exploit-db.com/exploits/2376

Vulnerable Configurations

cpe:2.3:a:walter_beschmout:phpquiz:*:*:*:*:*:*:*:*
cpe:2.3:a:walter_beschmout:phpquiz:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20065
bugtraq	20060916 PHPQuiz Multiple Remote Vulnerabilites
exploit-db	2376
misc	http://www.morx.org/phpquiz.txt
secunia	22015
sreason	1627
vupen	ADV-2006-3693
xf	phpquiz-score-sql-injection(28993)

Last major update

17-10-2018 - 21:40

Published

25-09-2006 - 01:07

Last modified

17-10-2018 - 21:40