Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Quiz Me! Vendors:   Spice, Mike
Quiz Me! Testing Script May Allow Remote Users to Execute Arbitrary Code on the Web Server
SecurityTracker Alert ID:  1003254
SecurityTracker URL:
CVE Reference:   CVE-2002-1627   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Jan 16 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.6
Description:   A vulnerability was reported in Quiz Me!, a Perl-based script that implements a quizing mechanism for conducting tests via a web page. A remote user may be able to execute arbitrary code on the web server.

The code would run with the privileges of the web server.

Impact:   A remote user can cause arbitrary code to be executed with the privileges of the web server, potentially giving the user access to the server.
Solution:   The vendor has issued a fixed version (0.6), available at:!/

Vendor URL:!/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  Perl-based

Message History:   None.

 Source Message Contents

Subject:  Quiz Me! Code Execution Flaw

  Quiz Me! 0.6
  by Mike Spice (
  Thursday, January 10th 2002 05:26

About: Quiz Me! is a simple CGI/PERL application that allows one to give
quizzes over the Web. It grades the quiz and tells the user how they
prints out some neat graphs, and tells them what their score could mean
them. This is all done easily by editing a plain text file that contains
all of the questions and answers (a sample is included).

Changes: This release incorporates major security fixes. All users are
encouraged to update immediately.

License: Freeware



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC