This host is running Joomla! with BF Quiz component and is prone to SQL injection vulnerability.

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application

Upgrade to Joomla BF Quiz component version 1.3.1 or later For updates refer to http://extensions.joomla.org/extensions/vertical-markets/education-a-culture/quiz/8142

The flaw is due to an input passed via the 'catid' parameter to 'index.php' is not properly sanitised before being used in SQL queries.

Joomla BF Quiz (com_bfquiztrial) component prior to 1.3.1

• http://packetstormsecurity.org/files/90080/joomlabfquiz-sql.txt
• http://secunia.com/advisories/39960
• http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt
• http://xforce.iss.net/xforce/xfdb/58979

---

Updated on 2015-03-25