What the vulnerability does
01Description
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
Explanation of Vulnerability in Simple Terms
02Summary
Quiz And Survey Master versions up to 10.3.4 contain an integrity vulnerability allowing network-based modification of data without authentication. An attacker can alter quiz or survey content, responses, or settings over the network. No user interaction or special privileges are required. Site administrators should update to a version newer than 10.3.4 to remediate this issue.
What an attacker can do
03Attacker Capabilities
Modify quiz, survey, or response data without logging in.
Potential impact on your site
04Site Impact
Quiz and survey data can be altered or corrupted by unauthenticated attackers, affecting data integrity.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated