cbcvebase.
CVE-2018-14502
published 2020-03-10


Priority: P260
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.69% (84.0th percentile)

controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kibokolabs | chained_quiz | < 1.0.9 | 1.0.9 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.7 | 3.1.2-7ubuntu2.7 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.5 | 3.1.2-11ubuntu0.16.04.5 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.2 | 3.2.2-3.1ubuntu0.2 |

CVSS provenance

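| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |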