Vulnerability Bulletins

MSA-22-0027: Quiz sequential navigation bypass using web services

System information

Affected software PHP


by Michael Hawkins. Insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.Severity/Risk:MinorVersions affected:4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versionsVersions fixed:4.0.3, 3.11.9 and 3.9.16Reported by:omaralbalouliCVE identifier:CVE-2022-40208Changes (master): issue:MDL-75210 Quiz

More info:

Standar resources

Property Value
CVE CVE-2022-40208.

Version history

Version Comments Date
1.0 Advisory issued 2022-09-28
Ministerio de Defensa
Presidencia española. Consejo de la Unión Europea