What is CVE-2018-25207?

CVE-2018-25207 is a high-severity vulnerability in Hscripts Online Quiz Maker, classified under SQL Injection. CVSS score: 7.1/10. Published 2026-03-26.

How severe is CVE-2018-25207?

High severity. CVSS v3 base score is 7.1 out of 10.

SQL Injection in Hscripts Online Quiz Maker

CVE-2018-25207

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-cat…

Vulnerability class: SQL Injection

EPSS: 0.001 (34.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Hscripts Online Quiz Maker — versions 1.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

ExploitDB-45323 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: Online Quiz Maker 1.0 SQL Injection via catid Parameter (third-party-advisory)

Frequently asked questions

What is CVE-2018-25207?: CVE-2018-25207 is a high-severity vulnerability in Hscripts Online Quiz Maker, classified under SQL Injection. CVSS score: 7.1/10. Published 2026-03-26.
How severe is CVE-2018-25207?: High severity. CVSS v3 base score is 7.1 out of 10.