CVE-2018-25207
SQL Injection in Online Quiz Maker 1.0 Enables Data Theft
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hscripts | online_quiz_maker | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25207 is a SQL injection vulnerability in Online Quiz Maker version 1.0 affecting the 'catid' and 'usern' POST parameters. Authenticated attackers can submit malicious SQL payloads via these parameters to files like quiz-system.php and add-category.php. This allows them to execute arbitrary SQL commands on the backend database.
The vulnerability enables different types of SQL injection attacks, including boolean-based blind SQL injection, time-based blind SQL injection using MySQL's SLEEP() function, and UNION-based SQL injection to extract sensitive database information. Additionally, the application has Cross-Site Scripting (XSS) vulnerabilities that can be exploited further.
The flaw arises from improper input validation and insufficient protection in admin-related scripts, allowing attackers with some level of authentication to manipulate database queries and potentially bypass authentication mechanisms.
How can this vulnerability impact me? :
This vulnerability can have serious security impacts including unauthorized access to sensitive database information, such as user credentials or quiz data.
Attackers can manipulate or extract data from the database by executing arbitrary SQL commands, potentially leading to data disclosure or data tampering.
It also allows attackers to bypass authentication mechanisms, which could enable them to gain administrative privileges and fully control the quiz application.
Such control could lead to unauthorized modification or deletion of quiz content, disruption of service, and compromise of the integrity and availability of the application.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the vulnerable parameters 'catid' and 'usern' in the files quiz-system.php and add-category.php, respectively, and observing the responses for signs of SQL injection.
- Use boolean-based blind SQL injection tests by appending conditions like "AND 4815=4815" to the 'catid' POST parameter and checking if the response changes.
- Perform time-based blind SQL injection by injecting payloads such as "AND SLEEP(5)" in the 'catid' or 'usern' POST parameters and measuring response delays.
- Use UNION-based SQL injection by injecting UNION SELECT statements with appropriate columns to extract database information.
Example command using curl to test time-based SQL injection on 'catid':
- curl -X POST -d "catid=1 AND SLEEP(5)" http://target/quiz-system.php
Example command using curl to test time-based SQL injection on 'usern':
- curl -X POST -d "usern=testing' AND SLEEP(5) AND 'ZECL'='ZECL" http://target/add-category.php
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable application to trusted users only, especially since the vulnerability requires authenticated access.
Implement input validation and sanitization on the 'catid' and 'usern' POST parameters to prevent SQL injection attacks.
Apply web application firewall (WAF) rules to detect and block SQL injection payloads targeting these parameters.
If possible, update or patch the Online Quiz Maker application to a version that addresses these vulnerabilities.
Limit privileges of the database user used by the application to minimize the impact of a successful injection.
Monitor logs for suspicious POST requests to quiz-system.php and add-category.php that contain SQL injection patterns.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2018-25207 is an SQL injection vulnerability in Online Quiz Maker 1.0 that allows authenticated attackers to execute arbitrary SQL commands, potentially extracting sensitive database information or bypassing authentication.
Such vulnerabilities can lead to unauthorized access to sensitive data, which may include personal or confidential information stored in the database.
This unauthorized data access and potential data breach could negatively impact compliance with data protection regulations such as GDPR or HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data confidentiality and integrity.
Therefore, exploitation of this vulnerability could result in violations of these standards due to failure to adequately protect sensitive data.