Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated malicious user to read the contents of arbitrary files on disk.
tecnick tcexam 14.2.2