CVE-2018-25207

Name of the Vulnerable Software and Affected Versions Online Quiz Maker version 1.0

Description Authenticated attackers can execute arbitrary SQL commands due to SQL injection flaws. By submitting malicious POST requests to the endpoints "quiz-system.php" or "add-category.php" using crafted payloads in the catid and usern parameters, attackers can bypass authentication or extract sensitive information from the database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.