Lucene search

PRIOn knowledge basePRION:CVE-2012-4237

HistoryAug 20, 2012 - 8:55 p.m.

Sql injection

2012-08-2020:55:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.6%

JSON

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

CPENameOperatorVersion
tcexameq11.1.019
tcexameq11.3.000
tcexameq10.1.013
tcexameq10.1.007
tcexameq11.2.016
tcexameq11.2.032
tcexameq11.2.005
tcexameq11.1.004
tcexameq11.1.021
tcexameq11.1.006

Name	Operator	Version
tcexam	eq	11.1.019
tcexam	eq	11.3.000
tcexam	eq	10.1.013
tcexam	eq	10.1.007
tcexam	eq	11.2.016
tcexam	eq	11.2.032
tcexam	eq	11.2.005
tcexam	eq	11.1.004
tcexam	eq	11.1.021
tcexam	eq	11.1.006

Rows per page:

1-10 of 1011

References

archives.neohapsis.com/archives/bugtraq/2012-08/0079.html

freecode.com/projects/tcexam/releases/347125

secunia.com/advisories/50141

tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742

www.openwall.com/lists/oss-security/2012/08/13/8

www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html

www.securityfocus.com/bid/54861

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.6%

JSON

Related for PRION:CVE-2012-4237