SQL Injection Vulnerabilities in wpQuiz 2.7 by WordPress
CVE-2010-3608

Currently unrated

Key Information:

Vendor: WordPress
Status: WPquiz
Vendor: CVE Published:; 24 September 2010

What is CVE-2010-3608?

Multiple SQL injection vulnerabilities exist in wpQuiz version 2.7, permitting remote attackers to execute arbitrary SQL commands through manipulation of the 'id' and 'password' parameters in admin.php and user.php. This attack vector may result in unauthorized data access or modification, highlighting the necessity for timely updates and rigorous security practices.

References

http://www.securityfocus.com/bid/43384

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/15075

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.org/1009-exploits/wpquiz27-sql...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 24, 2010