CVE-2010-3608 | HackTesting

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.

References

http://www.securityfocus.com/bid/43384

http://www.exploit-db.com/exploits/15075

http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt