📄 Description (English)
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.
🤖 AI Executive Summary
CVE-2018-25207 is a SQL injection vulnerability in Online Quiz Maker 1.0 affecting authenticated users who can execute arbitrary SQL commands through POST parameters in quiz-system.php and add-category.php. With a CVSS score of 7.1, this vulnerability poses a high risk for data extraction and authentication bypass. No patch is currently available, requiring immediate compensating controls and application hardening.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 9, 2026 06:11
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using Online Quiz Maker 1.0 for educational platforms, employee training systems, or customer assessment tools face significant risk. Most vulnerable sectors include: Government education institutions (Ministry of Education), universities, banking sector training systems (SAMA-regulated institutions), healthcare training platforms, and telecommunications companies (STC, Mobily) using quiz systems for employee certification. Authenticated attackers could extract sensitive employee data, customer information, or bypass administrative controls, potentially violating SAMA data protection requirements and NCA cybersecurity standards.
🏢 Affected Saudi Sectors
Government - Education (Ministry of Education)
Higher Education - Universities
Banking and Financial Services (SAMA-regulated)
Healthcare
Telecommunications (STC, Mobily)
Corporate Training and Development
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all instances of Online Quiz Maker 1.0 in your environment and isolate affected systems from production networks if possible
2. Implement Web Application Firewall (WAF) rules to block SQL injection patterns in POST parameters (catid, usern) to quiz-system.php and add-category.php
3. Enable comprehensive logging and monitoring of all POST requests to affected endpoints
4. Restrict access to quiz administration functions to trusted networks only using IP whitelisting
Patching Guidance:
5. Upgrade to a patched version of Online Quiz Maker if available from vendor, or migrate to alternative quiz platforms with active security support
6. If upgrade is not immediately possible, apply input validation and parameterized queries at the application level
Compensating Controls:
7. Implement strict input validation: whitelist allowed characters for catid (numeric only) and usern (alphanumeric only)
8. Use prepared statements/parameterized queries for all database interactions
9. Apply principle of least privilege to database accounts used by the application
10. Implement database activity monitoring (DAM) to detect suspicious SQL patterns
Detection Rules:
11. Monitor for SQL keywords in POST parameters: UNION, SELECT, INSERT, UPDATE, DELETE, DROP, EXEC, SCRIPT
12. Alert on multiple failed authentication attempts followed by POST requests to affected endpoints
13. Track database queries for unusual patterns or access to sensitive tables
14. Implement SIEM rules to correlate WAF blocks with application logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع نسخ Online Quiz Maker 1.0 في بيئتك وعزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن
2. طبق قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معاملات POST (catid، usern) إلى quiz-system.php و add-category.php
3. فعّل التسجيل والمراقبة الشاملة لجميع طلبات POST إلى نقاط النهاية المتأثرة
4. قيّد الوصول إلى وظائف إدارة الاختبارات إلى الشبكات الموثوقة فقط باستخدام قائمة بيضاء IP
إرشادات التصحيح:
5. قم بالترقية إلى نسخة مصححة من Online Quiz Maker إن توفرت من المورد، أو انتقل إلى منصات اختبارات بديلة بدعم أمان نشط
6. إذا لم يكن الترقية ممكنة على الفور، طبق التحقق من صحة الإدخال والاستعلامات المعاملة على مستوى التطبيق
الضوابط التعويضية:
7. طبق التحقق الصارم من الإدخال: قائمة بيضاء للأحرف المسموحة لـ catid (أرقام فقط) و usern (أحرف وأرقام فقط)
8. استخدم الاستعلامات المحضرة/الاستعلامات المعاملة لجميع تفاعلات قاعدة البيانات
9. طبق مبدأ أقل امتياز على حسابات قاعدة البيانات المستخدمة من قبل التطبيق
10. طبق مراقبة نشاط قاعدة البيانات (DAM) للكشف عن أنماط SQL المريبة
قواعد الكشف:
11. راقب كلمات SQL الرئيسية في معاملات POST: UNION، SELECT، INSERT، UPDATE، DELETE، DROP، EXEC، SCRIPT
12. أصدر تنبيهات عند محاولات مصادقة فاشلة متعددة متبوعة بطلبات POST إلى نقاط النهاية المتأثرة
13. تتبع استعلامات قاعدة البيانات للأنماط غير العادية أو الوصول إلى الجداول الحساسة
14. طبق قواعد SIEM لربط حجب WAF بسجلات التطبيق
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements for system development and maintenance
ECC 2024 A.14.2.5 - Secure development policy
ECC 2024 A.14.3.1 - Segregation of development, test and production environments
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Business objectives and strategies
SAMA CSF PR.DS-6 - Data is protected from unauthorized access
SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events
SAMA CSF RS.MI-2 - Incidents are mitigated
🟡 ISO 27001:2022
ISO 27001:2022 A.8.1.1 - Screening
ISO 27001:2022 A.14.2.1 - Information security requirements for system development
ISO 27001:2022 A.14.2.5 - Secure development policy
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 6.5.1 - Injection flaws prevention
PCI DSS 6.2 - Security patches installation
PCI DSS 11.3 - Penetration testing
🔗 References & Sources 4
🔗
🔗
🔗
🔗
https://www.exploit-db.com/exploits/45323
disclosure@vulncheck.com
https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip
disclosure@vulncheck.com
https://www.hscripts.com/scripts/php/quiz-maker.php
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/online-quiz-maker-sql-injection-via-catid-parameter
disclosure@vulncheck.com