PT-2010-3944 · Activewebsoftwares.Com · Ewebquiz

Published

2010-06-21

Updated

2017-08-17

CVE-2010-2359

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ActiveWebSoftwares.com eWebquiz version 8

Description A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands via the QuizType parameter in eWebQuiz.asp.

Recommendations For version 8, avoid using the QuizType parameter in the affected eWebQuiz.asp until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2010-2359

Affected Products

Ewebquiz

PT-2010-3944 · Activewebsoftwares.Com · Ewebquiz

CVE-2010-2359

Weakness Enumeration

Related Identifiers

Affected Products

References · 6