CVE-2009-1843

Name of the Vulnerable Software and Affected Versions: Flash Quiz Beta 2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in multiple parameters, including the quiz parameter to various API endpoints such as "/num questions.php", "/answers.php", "/high score.php", "/high score web.php", "/results table web.php", and "/question.php", and the order number parameter to "/answers.php" and "/question.php".

Recommendations: For Flash Quiz Beta 2, to mitigate the risk, consider validating and sanitizing user input for the quiz and order number parameters in the affected API endpoints. As a temporary workaround, restrict access to the vulnerable endpoints until a patch is available.