shared/code/tce_tmx.php in TCExam 4.0.011 and previous versions allows remote malicious users to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tecnick.com tcexam |