CVE-2018-14502
Published 2020-03-10
Priority: P260 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.69% (84.0th percentile)
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kibokolabs | chained_quiz | < 1.0.9 | 1.0.9 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.7 | 3.1.2-7ubuntu2.7 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.5 | 3.1.2-11ubuntu0.16.04.5 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.2 | 3.2.2-3.1ubuntu0.2 |
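CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |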
GHSA
GHSA-c78f-85x7-3gg2: controllers/quizzes
ghsa_unreviewed·2022-05-24
CVE-2018-14502 [HIGH] GHSA-c78f-85x7-3gg2: controllers/quizzes
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
OSV
libarchive vulnerabilities
osv·2019-01-15·CVSS 7.5
CVE-2018-1000880 libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880)

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-03-10