CVE-2017-20257

HIGH

Joomla! Component Quiz Deluxe 3.7.4 SQL Injection

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20257. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Joomla! Component Quiz Deluxe 3.7.4 via the 'stu_quiz_id' and 'flag_quest' parameters. It provides clear proof-of-concept URLs for exploitation.

Description

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/42589

The exploit demonstrates a SQL injection vulnerability in Joomla! Component Quiz Deluxe 3.7.4 via the 'stu_quiz_id' and 'flag_quest' parameters. It provides clear proof-of-concept URLs for exploitation.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla! Component Quiz Deluxe 3.7.4
No auth needed
Prerequisites: Access to the vulnerable Joomla component
devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-42589
https://www.exploit-db.com/exploits/42589
Product product
Official Product Homepage
http://joomplace.com/
Third Party Advisory third-party-advisory
VulnCheck Advisory: Joomla! Component Quiz Deluxe 3.7.4 SQL Injection
https://www.vulncheck.com/advisories/joomla-component-quiz-deluxe-sql-injection

Scores

CVSS v3 8.2
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CWE
CWE-89
Status published
Products (1)
Joomplace/Quiz Deluxe 3.7.4
Published Jun 19, 2026
Tracked Since Jun 19, 2026