Summary
This host is running Joomla! with the BF Quiz component and is prone to an SQL injection vulnerability.
Impact
Successful exploitation lets attackers manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Upgrade to Joomla BF Quiz component version 1.3.1 or later. For updates, refer to http://extensions.joomla.org/extensions/vertical-markets/education-a-culture/quiz/8142
Insight
The flaw exists because input passed via the 'catid' parameter to 'index.php' is not properly sanitised before being used in SQL queries.
Affected
Joomla BF Quiz (com_bfquiztrial) component prior to 1.3.1
References
Severity
Classification
- CVE: CVE-2010-5032
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P