Description
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Credits
Ihsan Sencan
References
www.exploit-db.com/exploits/42589 (ExploitDB-42589)
joomplace.com/ (Official Product Homepage)
extensions.joomla.org/...ng/education-a-culture/quiz-deluxe/ (Product Reference)
www.vulncheck.com/...mla-component-quiz-deluxe-sql-injection (VulnCheck Advisory: Joomla! Component Quiz Deluxe 3.7.4 SQL Injection)