An issue exists in the fp_masterquiz (aka Master-Quiz) extension prior to 2.2.1, and 3.x prior to 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
master-quiz project master-quiz |