Vulnerabilities > CVE-2006-4978 - Input Validation vulnerability in PHPQuiz
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpQuiz <= 0.1.2 Remote SQL Injection / Code Execution Exploit. CVE-2006-4865,CVE-2006-4977,CVE-2006-4978,CVE-2006-4979. Webapps exploit for php platform |
| file | exploits/php/webapps/2376.pl |
| id | EDB-ID:2376 |
| last seen | 2016-01-31 |
| modified | 2006-09-16 |
| platform | php |
| port | |
| published | 2006-09-16 |
| reporter | simo64 |
| source | https://www.exploit-db.com/download/2376/ |
| title | phpQuiz <= 0.1.2 - Remote SQL Injection / Code Execution Exploit |
| type | webapps |
References
- http://secunia.com/advisories/22015
- http://securityreason.com/securityalert/1627
- http://www.morx.org/phpquiz.txt
- http://www.securityfocus.com/archive/1/446315/100/0/threaded
- http://www.securityfocus.com/bid/20065
- http://www.vupen.com/english/advisories/2006/3693
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28993
- https://www.exploit-db.com/exploits/2376