CVE-2006-4978 Information

Description

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php accessed through the front/ URI.

Reference

http://secunia.com/advisories/22015 http://securityreason.com/securityalert/1627 http://www.morx.org/phpquiz.txt http://www.securityfocus.com/archive/1/446315/100/0/threaded http://www.securityfocus.com/bid/20065 http://www.vupen.com/english/advisories/2006/3693 https://exchange.xforce.ibmcloud.com/vulnerabilities/28993 https://www.exploit-db.com/exploits/2376