CVE-2024-7375

MEDIUM

Simple Realtime Quiz System 1.0 - SQL Injection via quiz Parameter in my_quiz_result.php

Title source: llm

Description

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0. This issue affects some unknown processing of the file /my_quiz_result.php. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273359.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.273359

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.273359

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.383523

Exploit exploit

https://gist.github.com/topsky979/840587360c33d53efb359ff314f7ea24

Scores

CVSS v3 6.3

EPSS 0.0011

EPSS Percentile 28.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

oretnom23/simple_realtime_quiz_system 1.0

Published Aug 02, 2024

Tracked Since Feb 18, 2026