TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate severity
GitHub Reviewed
Published
Dec 14, 2022
to the GitHub Advisory Database
•
Updated Nov 27, 2023
Package
Affected versions
>= 3.0.0, < 3.5.2
< 2.2.1
Patched versions
3.5.2
2.2.1
Description
Published by the National Vulnerability Database
Dec 14, 2022
Published to the GitHub Advisory Database
Dec 14, 2022
Reviewed
Feb 8, 2023
Last updated
Nov 27, 2023
Credits
-
MarkLee131 Analyst
An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.
References