Vulnerabilities > Activewebsoftwares > Ewebquiz > High

DATE CVE VULNERABILITY TITLE RISK
2010-06-21 CVE-2010-2359 SQL Injection vulnerability in Activewebsoftwares Ewebquiz 8.0
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
network
low complexity
activewebsoftwares CWE-89
7.5
2009-12-28 CVE-2009-4436 SQL Injection vulnerability in Activewebsoftwares Ewebquiz 8.0
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
network
low complexity
activewebsoftwares CWE-89
7.5