CVE-2022-47407

Published: Dec 14, 2022Modified: Apr 21, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.

Affected (2)

Products: Master Quiz Project: Master Quiz

Master Quiz Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Master Quiz Project Master Quiz	Before 2.2.1
Master Quiz Project Master Quiz	From 3.0.0 to 3.5.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://typo3.org/security/advisory/typo3-ext-sa-2022-018

Source: cve@mitre.org

PatchVendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2022-018

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.