Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpquiz | Walter_beschmout | * | 1.2 (including) |