SQL Injection Vulnerabilities in TCExam by Nicola Asuni
CVE-2012-4601

Currently unrated

Key Information:

Vendor

Tecnick

Status
Tcexam
Vendor
CVE Published:
23 November 2012

What is CVE-2012-4601?

Multiple SQL injection vulnerabilities exist within TCExam, allowing remote authenticated users with elevated permissions to execute arbitrary SQL commands. Attackers can manipulate the (1) user_groups[] parameter in the admin/code/tce_edit_test.php file or the (2) subject_id parameter in admin/code/tce_show_all_questions.php file. This exploitation can lead to unauthorized manipulation of the database and potential data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam...
x_refsource_CONFIRM
http://secunia.com/advisories/50539
third-party-advisoryx_refsource_SECUNIA
https://www.htbridge.com/advisory/HTB23111
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.