Summary
This host is running TCExam and is prone to a file upload vulnerability.
Impact
Successful exploitation will allow an attacker to upload PHP scripts and execute arbitrary commands on the web server.
Impact Level: Application.
Solution
Upgrade to TCExam version 10.1.012.
For updates refer to http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp=tcexam
Insight
The flaw is due to access and input validation errors in the '/admin/code/tce_functions_tcecode_editor.php' script when uploading files.
Affected
TCExam version 10.1.010 and prior
References
Severity
Classification
- CVE: CVE-2010-2153
- CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)