CVE-2018-25207

HIGH

Online Quiz Maker 1.0 SQL Injection via catid Parameter

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25207. PoCs published by AkkuS.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Online Quiz Maker 1.0 via the 'catid' and 'usern' parameters, including boolean-based blind, time-based blind, and UNION-based payloads. It provides clear HTTP request examples with payloads for exploitation.

Description

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsphp

https://www.exploit-db.com/exploits/45323

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in Online Quiz Maker 1.0 via the 'catid' and 'usern' parameters, including boolean-based blind, time-based blind, and UNION-based payloads. It provides clear HTTP request examples with payloads for exploitation.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Online Quiz Maker 1.0

No auth needed

Prerequisites: access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-45323

https://www.exploit-db.com/exploits/45323

Product product

Official Product Homepage

https://www.hscripts.com/scripts/php/quiz-maker.php

Product product

Product Reference

https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip

Third Party Advisory third-party-advisory

VulnCheck Advisory: Online Quiz Maker 1.0 SQL Injection via catid Parameter

https://www.vulncheck.com/advisories/online-quiz-maker-sql-injection-via-catid-parameter

Scores

CVSS v3 7.1

EPSS 0.0027

EPSS Percentile 18.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Hscripts/Online Quiz Maker 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026