Description

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

Remediation

References

CVE-2012-4237

Related Vulnerabilities

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Arbitrary File Upload (2.8.1.1)

MySQL CVE-2021-2088 Vulnerability (CVE-2021-2088)

Oracle JRE CVE-2013-5840 Vulnerability (CVE-2013-5840)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5577)

WordPress Plugin Handsome Testimonials & Reviews SQL Injection (2.0.7)

Severity

Medium

Classification

CVE-2012-4237 CWE-138

Tags

Missing Update Known Vulnerabilities