SQL Injection Vulnerability in Kiboko Chained Quiz for WordPress
CVE-2018-14502

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Chained Quiz
Vendor: CVE Published:; 10 March 2020

Summary

The Kiboko Chained Quiz plugin for WordPress prior to version 1.0.9 has a vulnerability that permits remote unauthenticated users to inject and execute arbitrary SQL commands. This is achieved through malicious manipulation of the 'answer' and 'answers' parameters within the controllers/quizzes.php file, potentially exposing sensitive information or compromising the integrity of the database. It is crucial for users to update to the latest version to mitigate risks associated with this vulnerability.

References

https://wordpress.org/plugins/chained-quiz/#developers

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9112

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Jul 22, 2018