CVE-2024-6028 Scanner
CVE-2024-6028 scanner - SQL Injection vulnerability in Quiz Maker
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Quiz Maker is a popular WordPress plugin for creating and managing online quizzes, used by educators, businesses and site owners to engage visitors and assess knowledge. It offers a straightforward interface for building quizzes and analysing results, and as a WordPress plugin it inherits the platform's features and flexibility. That popularity also makes it an attractive target: a flaw in a widely installed plugin is reachable on a large number of sites at once.
CVE-2024-6028 is an SQL injection in Quiz Maker affecting all versions up to and including 6.5.8.3. Attacker-controlled input reaches an SQL query without escaping or preparation, so an attacker can append SQL of their own to the query the plugin already runs and read data they are not authorised to see. The public advisory for this CVE describes the flaw as time-based (blind) injection reachable by unauthenticated requests, which is why it is rated critical: no account on the site is needed.
The injection point is the 'ays_questions' parameter. The plugin places its value into an SQL statement without sufficient escaping and without binding it through a prepared statement, so a value that closes the expected SQL syntax and continues with new clauses becomes part of the query the database executes. The vulnerable code path is reached through WordPress's 'admin-ajax.php' endpoint with a POST request, the normal front door for plugin AJAX handlers. Because the response does not echo query results, extraction is blind: the attacker infers data one condition at a time, typically by measuring response delays. The issue is fixed in version 6.5.8.4. The remediation for this class of bug is to validate the parameter as a list of integers before use and to bind each value with a placeholder (in WordPress, $wpdb->prepare() with a %d per value) rather than concatenating request data into the query string. To verify a site, confirm the installed plugin version is 6.5.8.4 or later, either on the Plugins page or with WP-CLI (wp plugin get quiz-maker --field=version, assuming the standard plugin slug quiz-maker).
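The following is an added example, not code from Quiz Maker, WordPress or S4E. It reproduces the bug class described above in miniature: a request parameter carrying question ids is spliced into an SQL IN (...) list without escaping or preparation, shown next to the hardened form that validates the ids and binds them with placeholders. The table names, column names, sample rows and query shape are assumptions made for this example. SQLite is used so the block runs offline; because SQLite has no SLEEP(), the injected value here uses a UNION so the leak is visible in the result, whereas against MySQL the same class of flaw would be exercised blind with timing payloads, as the advisory describes.

```python
"""
Added example (not the plugin's code): an 'ays_questions'-style list of ids
concatenated into SQL, beside the validated and parameterised version.
Schema, rows and query shape are constructed for this example.
"""
import re
import sqlite3

# Constructed sample data standing in for a WordPress database.
SCHEMA = """
CREATE TABLE questions(id INTEGER PRIMARY KEY, quiz_id INTEGER, body TEXT);
INSERT INTO questions VALUES (1, 1, 'What is 2+2?');
INSERT INTO questions VALUES (2, 1, 'Capital of France?');
INSERT INTO questions VALUES (3, 2, 'Question from another quiz');
CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT);
INSERT INTO users VALUES (1, 'admin', '$P$Bexamplehash');
"""

# A hostile value for the question-id parameter: it closes the IN (...) list,
# appends a UNION that reads another table, and comments out the remainder.
UNION_PAYLOAD = "1) UNION SELECT login || ':' || pass_hash FROM users --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, quiz_id, ays_questions):
    """Bug: request values are joined straight into the SQL text."""
    ids = ",".join(str(q) for q in ays_questions)
    sql = (f"SELECT body FROM questions WHERE quiz_id = {int(quiz_id)} "
           f"AND id IN ({ids}) ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def parse_question_ids(ays_questions):
    """Accept only decimal integers; anything else is rejected up front."""
    ids = []
    for raw in ays_questions:
        s = str(raw).strip()
        if not re.fullmatch(r"\d+", s):
            raise ValueError(f"invalid question id: {raw!r}")
        ids.append(int(s))
    return ids


def safe_lookup(conn, quiz_id, ays_questions):
    """Fix: validate the ids, then bind every value through a placeholder."""
    ids = parse_question_ids(ays_questions)
    if not ids:
        return []  # "IN ()" is invalid SQL; nothing to look up anyway
    placeholders = ",".join("?" for _ in ids)
    sql = (f"SELECT body FROM questions WHERE quiz_id = ? "
           f"AND id IN ({placeholders}) ORDER BY id")
    return [row[0] for row in conn.execute(sql, [int(quiz_id), *ids])]


if __name__ == "__main__":
    db = make_db()
    print("normal:  ", vulnerable_lookup(db, 1, ["1", "2"]))
    print("injected:", vulnerable_lookup(db, 1, [UNION_PAYLOAD]))
    try:
        safe_lookup(db, 1, [UNION_PAYLOAD])
    except ValueError as err:
        print("hardened:", err)
```

The vulnerable function returns a user login and password hash alongside the quiz questions when given the hostile value; the hardened one refuses the value before any SQL is built, and even a value that passed validation could only ever be bound as a number. The placeholder-per-value pattern is the same one $wpdb->prepare() provides in WordPress.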
Everything in the WordPress database is within reach of a blind injection: user logins and password hashes, email addresses and other personal data, and the plugin's own tables. Recovering an administrator's password from an extracted hash, or reusing extracted data in follow-on attacks, can turn data exposure into full control of the site. Whether an attacker can also modify or delete records depends on how the plugin executes the query; the advisory describes data extraction, and that alone is enough to treat the impact as critical.
Join S4E today to protect your digital assets with our comprehensive Cyber Threat Exposure Management services. Our platform leverages cutting-edge technology to identify and mitigate vulnerabilities like SQL Injection in popular plugins. Benefit from our detailed reports, timely alerts, and expert recommendations to stay ahead of threats. Sign up now and ensure the security of your online presence with S4E.
References: