CVE-2019-14230

Name of the Vulnerable Software and Affected Versions Viral Quiz Maker - OnionBuzz plugin versions prior to 1.2.7

Description An issue in the plugin allows an unauthenticated user to perform a SQL injection attack due to the lack of sanitization of the id parameter in the "set count" AJAX handler. This can lead to remote code execution and information disclosure.

Recommendations For versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "set count" AJAX handler to minimize the risk of exploitation. Avoid using the id parameter in the affected AJAX endpoint until the issue is resolved.