CVE-2007-2430

2007-05-02T00:19:00
ID CVE-2007-2430
Type cve
Reporter cve@mitre.org
Modified 2017-10-11T01:32:00

Description

shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.