CVE-2018-25207

HIGH

Online Quiz Maker 1.0 SQL Injection via catid Parameter

Title source: cna
STIX 2.1

Description

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.

Exploits (1)

exploitdb WORKING POC
by AkkuS · textwebappsphp
https://www.exploit-db.com/exploits/45323

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-45323
https://www.exploit-db.com/exploits/45323
Product product
Official Product Homepage
https://www.hscripts.com/scripts/php/quiz-maker.php
Third Party Advisory third-party-advisory
VulnCheck Advisory: Online Quiz Maker 1.0 SQL Injection via catid Parameter
https://www.vulncheck.com/advisories/online-quiz-maker-sql-injection-via-catid-parameter

Scores

CVSS v3 7.1
EPSS 0.0012
EPSS Percentile 30.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Hscripts/Online Quiz Maker 1.0
Published Mar 26, 2026
Tracked Since Mar 26, 2026