CVE-2024-7372

MEDIUM

Simple Realtime Quiz System 1.0 - SQL Injection via Quiz Parameter in quiz_board.php

Title source: llm

Description

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /quiz_board.php. The manipulation of the argument quiz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273356.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.273356

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.273356

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.383520

Exploit exploit

https://gist.github.com/topsky979/6437f7c2f86d309ca000d0a33885d7bc

Scores

CVSS v3 6.3

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

oretnom23/simple_realtime_quiz_system 1.0

Published Aug 02, 2024

Tracked Since Feb 18, 2026