CVE-2017-20257

HIGH NVD

CVSS Score 8.2

Severity HIGH

Published Jun 19, 2026

Vendor unknown

Description

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.

References

http://joomplace.com/
https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/
https://www.exploit-db.com/exploits/42589
https://www.vulncheck.com/advisories/joomla-component-quiz-deluxe-sql-injection