What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Data.This issue affects Quiz Maker: from n/a through <= 6.7.0.65.
Explanation of Vulnerability in Simple Terms
02Summary
Quiz Maker versions up to 6.7.0.65 expose sensitive information through improper access controls. An attacker can read data without authentication by sending network requests to the application. The vulnerability affects confidentiality but not data integrity or availability. Site administrators should update to a version newer than 6.7.0.65.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the Quiz Maker application without logging in.
Potential impact on your site
04Site Impact
Sensitive quiz data or user information may be exposed to unauthenticated visitors.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
May 12, 2026
Record updated