Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tecnick tcexam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
Tecnick Tcexam
4.3
CVSSv2
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could cra...
Tecnick Tcexam
4.3
CVSSv2
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker coul...
Tecnick Tcexam
5
CVSSv2
CVE-2021-20114
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
Tecnick Tcexam
3.5
CVSSv2
CVE-2021-20111
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payloa...
Tecnick Tcexam
3.5
CVSSv2
CVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascr...
Tecnick Tcexam
5
CVSSv2
CVE-2021-20113
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is regis...
Tecnick Tcexam
4
CVSSv2
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated malicious user to access test metadata for which they don't have permission.
Tecnick Tcexam 14.2.2
4
CVSSv2
CVE-2020-5744
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated malicious user to read the contents of arbitrary files on disk.
Tecnick Tcexam 14.2.2
4.3
CVSSv2
CVE-2020-5745
Cross-site request forgery in TCExam 14.2.2 allows a remote malicious user to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Tecnick Tcexam 14.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »