Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2012-4237

Published: 20/08/2012 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Tcexam

Vulnerability Summary

Multiple SQL injection vulnerabilities in TCExam prior to 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

Vulnerable Product Search on Vulmon Subscribe to Product

tecnick tcexam 11.1.019

tecnick tcexam 11.3.000

tecnick tcexam 10.1.013

tecnick tcexam 10.1.007

tecnick tcexam 11.2.016

tecnick tcexam 11.2.032

tecnick tcexam 11.2.005

tecnick tcexam 11.1.004

tecnick tcexam 11.1.021

tecnick tcexam 11.1.006

tecnick tcexam 10.1.005

tecnick tcexam 11.0.009

tecnick tcexam 11.0.016

tecnick tcexam 10.1.002

tecnick tcexam 10.1.011

tecnick tcexam 11.2.020

tecnick tcexam 11.2.000

tecnick tcexam 11.0.015

tecnick tcexam 11.2.003

tecnick tcexam 11.0.001

tecnick tcexam 11.2.010

tecnick tcexam 11.2.021

tecnick tcexam 11.1.007

tecnick tcexam 11.2.028

tecnick tcexam 10.1.012

tecnick tcexam 11.1.001

tecnick tcexam 11.1.028

tecnick tcexam 11.1.011

tecnick tcexam 11.0.003

tecnick tcexam 11.1.012

tecnick tcexam 11.1.013

tecnick tcexam 11.3.002

tecnick tcexam 11.2.007

tecnick tcexam 11.2.029

tecnick tcexam 11.0.012

tecnick tcexam 11.1.025

tecnick tcexam 11.2.015

tecnick tcexam 11.1.023

tecnick tcexam 11.0.011

tecnick tcexam 11.1.009

tecnick tcexam 10.1.004

tecnick tcexam 10.1.009

tecnick tcexam 11.0.004

tecnick tcexam 11.1.031

tecnick tcexam 11.0.010

tecnick tcexam 11.2.013

tecnick tcexam 11.1.010

tecnick tcexam 11.2.030

tecnick tcexam 10.1.003

tecnick tcexam 10.1.010

tecnick tcexam 11.0.008

tecnick tcexam 11.2.004

tecnick tcexam 11.1.003

tecnick tcexam 11.0.000

tecnick tcexam 11.2.002

tecnick tcexam 11.1.018

tecnick tcexam 11.1.022

tecnick tcexam 11.0.007

tecnick tcexam 11.1.000

tecnick tcexam 11.3.006

tecnick tcexam 11.1.017

tecnick tcexam 11.1.020

tecnick tcexam 11.0.006

tecnick tcexam 11.3.003

tecnick tcexam 11.1.026

tecnick tcexam 10.1.006

tecnick tcexam 11.2.022

tecnick tcexam 11.3.004

tecnick tcexam 11.1.016

tecnick tcexam 11.1.024

tecnick tcexam

tecnick tcexam 11.0.002

tecnick tcexam 10.1.000

tecnick tcexam 11.0.013

tecnick tcexam 11.2.025

tecnick tcexam 11.2.018

tecnick tcexam 11.2.027

tecnick tcexam 11.1.014

tecnick tcexam 11.2.017

tecnick tcexam 11.3.001

tecnick tcexam 11.0.005

tecnick tcexam 11.2.026

tecnick tcexam 11.1.002

tecnick tcexam 11.2.023

tecnick tcexam 10.1.001

tecnick tcexam 11.2.011

tecnick tcexam 11.1.027

tecnick tcexam 11.1.008

tecnick tcexam 11.2.012

tecnick tcexam 11.2.006

tecnick tcexam 11.3.005

tecnick tcexam 11.0.014

tecnick tcexam 11.2.014

tecnick tcexam 11.1.005

tecnick tcexam 11.2.031

tecnick tcexam 11.1.030

tecnick tcexam 11.1.029

tecnick tcexam 11.2.001

tecnick tcexam 11.1.015

tecnick tcexam 10.1.008

tecnick tcexam 11.2.008

Exploits

Exploit DB: TCExam 11.3.007 SQL Injection
TCExam Edit version 113007 suffers from a remote SQL injection vulnerability ...
Exploit DB: TCExam 11.2.x - '/admin/code/tce_edit_question.php?subject_module_id' SQL Injection
source: wwwsecurityfocuscom/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the ...
Exploit DB: TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple SQL Injections
source: wwwsecurityfocuscom/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the u ...

References

CWE-89http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.htmlhttp://www.securityfocus.com/bid/54861http://freecode.com/projects/tcexam/releases/347125http://www.openwall.com/lists/oss-security/2012/08/13/8http://secunia.com/advisories/50141http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.htmlhttp://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742https://nvd.nist.govhttps://packetstormsecurity.com/files/115501/TCExam-11.3.007-SQL-Injection.htmlhttps://www.exploit-db.com/exploits/37585/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook