SQL Injection Vulnerabilities in TCExam by SourceForge
CVE-2012-4237

Currently unrated

Key Information:

Vendor: Tecnick
Status: Tcexam
Vendor: CVE Published:; 20 August 2012

What is CVE-2012-4237?

TCExam versions before 11.3.008 are susceptible to multiple SQL injection vulnerabilities. Authenticated users with level 5 or higher permissions can exploit these vulnerabilities to execute arbitrary SQL commands. This can occur through the subject_module_id parameter when accessing specific scripts such as tce_edit_answer.php or tce_edit_question.php. This flaw poses significant risks for data integrity and security, allowing unauthorized access to sensitive information.

References

http://www.securityfocus.com/bid/54861

vdb-entryx_refsource_BID

http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2012-08/00...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 20, 2012

Tecnick

What is CVE-2012-4237?

References

Timeline