An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user’s answers and modify those answers.
CPE | Name | Operator | Version |
---|---|---|---|
master-quiz | lt | 2.2.1 | |
master-quiz | ge | 3.0.0 | |
master-quiz | lt | 3.5.1 |