What the vulnerability does
01Description
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
Explanation of Vulnerability in Simple Terms
02Summary
Quiz And Survey Master versions up to 10.3.4 lack proper authorization checks, allowing authenticated users to modify quiz or survey data they should not have access to. An attacker with a low-privilege account can alter quiz settings, questions, or responses without permission. The vulnerability affects the integrity of quiz data but does not expose sensitive information or cause service disruption.
What an attacker can do
03Attacker Capabilities
Modify quiz or survey data belonging to other users or administrators.
Potential impact on your site
04Site Impact
Quiz and survey data integrity is at risk; users may alter quizzes they don't own.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the site.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated