Please view the original advisory here.
The Joomla component BF Quiz fails to sanitize the input passed through the “catid” parameter. The software is therefore exposed to SQL injection attacks.
I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this Joomla component I actually didn’t find the vulnerability, lol.
Exploit for this will be released soon!
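For defenders running the component, the following added example (not from the advisory or from the component's code) scans web-server access logs for requests whose `catid` value is not a plain integer. It assumes that `catid` is meant to be a numeric category ID and that logs use the common/combined format; the function names, URLs and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Common/combined log format: client IP ... "METHOD target PROTOCOL" ...
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate catid is a short non-negative integer.
DIGITS_RE = re.compile(r'[0-9]{1,10}')


def catid_values(target):
    """Return every catid value in a request target, fully URL-decoded."""
    values = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() != "catid":
            continue
        # parse_qsl decodes once; decode again so double-encoded input
        # (for example %2527) is compared in its final form.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        values.append(value)
    return values


def flag_catid_requests(log_lines):
    """Return (client_ip, catid_value) for each catid that is not a plain integer."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we can parse
        client, target = match.groups()
        for value in catid_values(target):
            if not DIGITS_RE.fullmatch(value):
                findings.append((client, value))
    return findings


# Constructed sample lines (not taken from a real server or from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?view=quiz&catid=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?view=quiz&catid=7%27 HTTP/1.1" 500 310',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?view=quiz&catid=7%2527 HTTP/1.1" 500 310',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?view=quiz&catid= HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, value in flag_catid_requests(SAMPLE_LOG):
        print(f"{client}\tcatid={value!r}")
```

The same strict integer check, applied in the application before the value reaches any query, is the corresponding fix on the server side.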