CVE-2024-7373

MEDIUM

Simple Realtime Quiz System 1.0 - SQL Injection via ajax.php id Parameter

Title source: llm

Description

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.273357

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.273357

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.383521

Exploit exploit

https://gist.github.com/topsky979/9bcb8b09acce0d5a8a453dfd5093881d

Scores

CVSS v3 6.3

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

oretnom23/simple_realtime_quiz_system 1.0

Published Aug 02, 2024

Tracked Since Feb 18, 2026