SQL Injection Vulnerability in Tecnick TCExam
CVE-2024-47926

9.8CRITICAL

Key Information:

Vendor: Tecnick
Status: Tcexam
Vendor: CVE Published:; 30 December 2024

Summary

The vulnerability in Tecnick TCExam arises from improper neutralization of special elements in SQL commands, categorized under CWE-89. This flaw allows attackers to execute unauthorized SQL code, which can lead to data exposure, corruption, or even system takeover. The vulnerability poses significant risks to applications using vulnerable versions, as it can compromise the integrity and confidentiality of sensitive data managed by the affected software.

Affected Version(s)

TCExam All versions

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Oct 6, 2024

Credit

Guy Hayou