Description
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2023-22084 Vulnerability (CVE-2023-22084)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) Cross-Site Scripting (6.4)
phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)
Oracle Database Server CVE-2013-3751 Vulnerability (CVE-2013-3751)