SQL Injection Vulnerability Affects Quiz And Survey Master
CVE-2023-28787

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Quiz And Survey Master
Vendor: CVE Published:; 26 March 2024

Summary

This vulnerability in the ExpressTech Quiz And Survey Master plugin arises from improper neutralization of special elements utilized in SQL commands, enabling attackers to execute unauthorized SQL queries. As a result, an attacker could potentially gain access to sensitive information and manipulate database records. This issue affects all versions from n/a through 8.1.4, highlighting the need for immediate attention and remediation to secure user data.

Affected Version(s)

Quiz And Survey Master <= 8.1.4

References

https://patchstack.com/database/vulnerability/quiz-master...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Mar 23, 2023

Credit

Rafie Muhammad (Patchstack)