CVE-2018-14502

Name of the Vulnerable Software and Affected Versions: Kiboko Chained Quiz plugin versions prior to 1.0.9

Description: The issue allows remote unauthenticated users to execute arbitrary SQL commands via the answer and answers parameters in the controllers/quizzes.php file. This can be exploited by accessing the vulnerable API endpoint, although the exact endpoint is not specified. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: For versions prior to 1.0.9, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the controllers/quizzes.php file or disabling the answer and answers parameters until a patch is applied.