CVE-2018-25207

HIGH 7.1

Online Quiz Maker 1.0 SQL Injection via catid Parameter

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.

CWE	CWE-89
Vendor	hscripts
Product	online quiz maker
Published	Mar 26, 2026
Last Updated	Mar 26, 2026

Stay Ahead of the Next One

Get instant alerts for hscripts online quiz maker

Be the first to know when new high vulnerabilities affecting hscripts online quiz maker are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

Hscripts / Online Quiz Maker

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45323 hscripts.com: https://www.hscripts.com/scripts/php/quiz-maker.php hscripts.com: https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip vulncheck.com: https://www.vulncheck.com/advisories/online-quiz-maker-sql-injection-via-catid-parameter

Credits

Özkan Mustafa Akkuş (AkkuS)