CVE-2023-28787
Published 2024-03-26
Priority P2 66 · critical · 9.3 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
EXPLOIT
EPSS: 1.98% (78.0th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| expresstech | quiz_and_survey_master | n/a – 8.1.4 | — |
Detection & IOCs (extracted from sources)
sigma
contains_all(body, "quiz-master-next", "qsm_")
- SQL injection probe uses a single-quote payload appended to the plugin parameter (e.g., value ending in `= 8'`) to trigger a detectable error or behavioral difference
- Vulnerability affects Quiz And Survey Master versions from n/a through 8.1.4 only; versions above 8.1.4 are not affected by this CVE
No detection rules found.
Nuclei
Quiz and Survey Master <= 8.1.4 - SQL Injection
nuclei·CVSS 9.3
CVE-2023-28787 [CRITICAL] Quiz and Survey Master <= 8.1.4 - SQL Injection
Quiz and Survey Master = 8'
- 'status_code == 200'
- 'contains_all(body, "quiz-master-next", "qsm_")'
condition: and
# digest: 4a0a0047304502201c89336d026915a110da3f47f3897e46a3c14baeca6aee440ab3c36dbe15e21d022100bb6360938bd8b8e09ca7b6d6842d56ca99d54e60be230f801ac8e5932865b181:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve
2024-03-26
Published