Summary
This host is running TCExam and is prone to a file upload vulnerability.
Impact
Successful exploitation will allow an attacker to upload PHP scripts and execute arbitrary commands on the web server.
Impact Level: Application.
Solution
Upgrade to TCExam version 10.1.012.
For updates, refer to http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp=tcexam
Insight
The flaw is due to access and input validation errors in the '/admin/code/tce_functions_tcecode_editor.php' script when uploading files.
Affected
TCExam version 10.1.010 and prior
References
Severity
Classification
CVE: CVE-2010-2153
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P