Description

Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.

Remediation

References

CVE-2010-2153

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)

WordPress Plugin EmbedSocial-Social Media Feeds, Reviews and Galleries Cross-Site Scripting (1.1.27)

Oracle Application Server Other Vulnerability (CVE-2002-1630)

WordPress Plugin Mang Board WP Unspecified Vulnerability (2.0.5)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14750)

Severity

Medium

Classification

CVE-2010-2153

Tags

Missing Update Known Vulnerabilities