Description
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
Remediation
References
Related Vulnerabilities
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13671)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2005-0004)
WebLogic CVE-2018-3248 Vulnerability (CVE-2018-3248)
Prototype Improper Privilege Management Vulnerability (CVE-2020-7993)