CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2010-3608 – wpQuiz 2.7 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. Multiples vulnerabilidades de inyección SQL en wpQuiz v2.7 permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) id y (2) password (pw) de (a) admin.php o (b) user.php. • https://www.exploit-db.com/exploits/15075 http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt http://www.exploit-db.com/exploits/15075 http://www.securityfocus.com/bid/43384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6172 – wpQuiz 2.7 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-6172
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. Múltiples vulnerabilidades de inyección SQL en wpQuiz 2.7 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id de (1) viewimage.php y (2) comments.php. • https://www.exploit-db.com/exploits/4668 http://secunia.com/advisories/27843 http://www.securityfocus.com/bid/26611 http://www.securityfocus.com/bid/26621 https://exchange.xforce.ibmcloud.com/vulnerabilities/38680 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2004-1704
https://notcve.org/view.php?id=CVE-2004-1704
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. • http://marc.info/?l=bugtraq&m=109122270013514&w=2 http://www.osvdb.org/8321 https://exchange.xforce.ibmcloud.com/vulnerabilities/16848 •