Tcexam@11.1.015 Security Vulnerabilities and Issues — Tcexam@11.1.015 CVE List

Lucene search

TecnickTcexam11.1.015

5 matches found

CVE•added 2012/08/20 8:55 p.m.•35 views

CVE-2012-4238

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

2.1CVSS5.4AI score0.00181EPSS

CVE•added 2011/09/24 12:55 a.m.•34 views

CVE-2011-3806

TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.

5CVSS6.3AI score0.00283EPSS

CVE•added 2012/08/20 8:55 p.m.•32 views

CVE-2012-4237

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

6.8CVSS8.3AI score0.00416EPSS

CVE•added 2012/11/23 8:55 p.m.•32 views

CVE-2012-4601

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show...

6CVSS8.3AI score0.00251EPSS

CVE•added 2012/11/23 8:55 p.m.•31 views

CVE-2012-4602

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

4.3CVSS5.9AI score0.00295EPSS