Joomla Component BF Quiz SQL Injection Vulnerability

Please view the original advisory here.

The Joomla component BF Quiz fails to sanitize the input passed through the parameter “catid”. Therefore, the software is exposed to SQL injection attacks.
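The failure described above and its fix, modelled in Python against an in-memory SQLite database. This is an added example, not code from BF Quiz or from the original advisory: only the parameter name catid comes from the advisory, while the table, its columns and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed stand-in schema; not the component's real tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE questions (id INTEGER PRIMARY KEY, "
               "catid INTEGER, published INTEGER, text TEXT)")
    db.executemany(
        "INSERT INTO questions (catid, published, text) VALUES (?, ?, ?)",
        [(1, 1, "Q1 public"), (1, 0, "Q2 draft"),
         (2, 1, "Q3 public"), (2, 0, "Q4 draft")])
    return db

def questions_vulnerable(db, catid):
    # The raw request value is spliced into the statement text, so the
    # database parses it as SQL instead of treating it as a value.
    sql = ("SELECT text FROM questions "
           "WHERE published = 1 AND catid = " + catid + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def parse_catid(raw):
    # A category id is a short plain decimal integer; reject everything else.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        raise ValueError("catid must be a decimal integer")
    return int(raw)

def questions_hardened(db, catid):
    # Validate first, then bind: the value travels separately from the
    # statement text and can never change the query's structure.
    sql = ("SELECT text FROM questions "
           "WHERE published = 1 AND catid = ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (parse_catid(catid),))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that is not a plain integer
    # AND binds tighter than OR, so the published filter is bypassed too.
    print("vulnerable, normal :", questions_vulnerable(db, "1"))
    print("vulnerable, crafted:", questions_vulnerable(db, crafted))
    print("hardened, normal   :", questions_hardened(db, "1"))
    try:
        questions_hardened(db, crafted)
    except ValueError as exc:
        print("hardened, crafted  : rejected:", exc)
```

In a Joomla component the same two steps apply: read the parameter through an integer filter and build the query so the value is cast or bound instead of concatenated.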

I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this Joomla component I actually didn’t find the vulnerability, lol.

Exploit for this will be released soon!