CVE-2006-4978

Walter Beschmout PhpQuiz <1.2 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by simo64 · perlwebappsphp

https://www.exploit-db.com/exploits/2376

View Code ZIP pw:eip

References (8)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2376

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3693

[Exploit] http://www.morx.org/phpquiz.txt

[Third Party Advisory] http://securityreason.com/securityalert/1627

[Vendor Advisory] http://secunia.com/advisories/22015

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28993

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20065

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/446315/100/0/threaded

Scores

EPSS 0.0293

EPSS Percentile 86.5%

Details

Status published

Products (1)

walter_beschmout/phpquiz < 1.2

Published Sep 25, 2006

Tracked Since Feb 18, 2026