Vulnerabilities > CVE-2006-4978 - Unspecified vulnerability in Walter Beschmout PHPquiz
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN walter-beschmout
exploit available
Summary
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | phpQuiz <= 0.1.2 Remote SQL Injection / Code Execution Exploit. CVE-2006-4865,CVE-2006-4977,CVE-2006-4978,CVE-2006-4979. Webapps exploit for php platform |
file | exploits/php/webapps/2376.pl |
id | EDB-ID:2376 |
last seen | 2016-01-31 |
modified | 2006-09-16 |
platform | php |
port | |
published | 2006-09-16 |
reporter | simo64 |
source | https://www.exploit-db.com/download/2376/ |
title | phpQuiz <= 0.1.2 - Remote SQL Injection / Code Execution Exploit |
type | webapps |
References
- http://secunia.com/advisories/22015
- http://secunia.com/advisories/22015
- http://securityreason.com/securityalert/1627
- http://securityreason.com/securityalert/1627
- http://www.morx.org/phpquiz.txt
- http://www.morx.org/phpquiz.txt
- http://www.securityfocus.com/archive/1/446315/100/0/threaded
- http://www.securityfocus.com/archive/1/446315/100/0/threaded
- http://www.securityfocus.com/bid/20065
- http://www.securityfocus.com/bid/20065
- http://www.vupen.com/english/advisories/2006/3693
- http://www.vupen.com/english/advisories/2006/3693
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28993
- https://www.exploit-db.com/exploits/2376
- https://www.exploit-db.com/exploits/2376