Description

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

Remediation

References

CVE-2012-4237

Related Vulnerabilities

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13671)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2005-0004)

WebLogic CVE-2018-3248 Vulnerability (CVE-2018-3248)

Prototype Improper Privilege Management Vulnerability (CVE-2020-7993)

WordPress Plugin Concours Cross-Site Scripting (1.1)

Severity

Medium

Classification

CVE-2012-4237 CWE-138

Tags

Missing Update Known Vulnerabilities