Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tcexam vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-20111
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payloa...
Tecnick Tcexam
5.4
CVSSv3
CVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascr...
Tecnick Tcexam
NA
CVE-2007-2431
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and previous versions allows remote malicious users to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by in...
Tecnick.com Tcexam
1 EDB exploit
6.1
CVSSv3
CVE-2018-13422
TCExam prior to 14.1.2 has XSS via an ff_ or xl_ field.
Tecnick Tcexam
6.5
CVSSv3
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
Tecnick Tcexam
NA
CVE-2007-6288
Multiple SQL injection vulnerabilities in TCExam prior to 5.1.000 allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Tecnick.com Tcexam
4.9
CVSSv3
CVE-2020-5744
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated malicious user to read the contents of arbitrary files on disk.
Tecnick Tcexam 14.2.2
4.3
CVSSv3
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated malicious user to access test metadata for which they don't have permission.
Tecnick Tcexam 14.2.2
7.4
CVSSv3
CVE-2020-5745
Cross-site request forgery in TCExam 14.2.2 allows a remote malicious user to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Tecnick Tcexam 14.2.2
5.4
CVSSv3
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated malicious user to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Tecnick Tcexam 14.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »