SQL Injection Vulnerabilities in TCExam by Nicola Asuni
CVE-2012-4601

Currently unrated

Key Information:

Vendor: Tecnick

CVE Published: 23 November 2012

What is CVE-2012-4601?

TCExam contains multiple SQL injection vulnerabilities that allow remote authenticated users with elevated permissions to execute arbitrary SQL commands. The injection points are (1) the user_groups[] parameter in admin/code/tce_edit_test.php and (2) the subject_id parameter in admin/code/tce_show_all_questions.php. Exploitation can lead to unauthorized manipulation of the database and potential data breaches.
