CVE-2023-28787: Quiz and Survey Master <= 8.1.4 - SQL Injection
Vulnerability description
ExpressTech Quiz And Survey Master (versions up to 8.1.4) contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries. Exploitation requires user interaction.

[Publicly disclosed]

id: CVE-2023-28787

info:
  name: Quiz and Survey Master <= 8.1.4 - SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    ExpressTech Quiz And Survey Master (versions up to 8.1.4) contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or database compromise.
  remediation: |
    Update to the latest version of Quiz And Survey Master that addresses this vulnerability.
  reference:
    - https://patchstack.com/articles/critical-unauthenticated-sql-injection-in-quiz-and-survey-master/
    - https://patchstack.com/database/wordpress/plugin/quiz-master-next/vulnerability/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2023-28787
  cl
Affected scope
Unknown
Remediation
None available