TCExam
Products
1- 16 CVEs
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2430 | 0.04 | — | 0.09 | May 2, 2007 | shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. | |||
| CVE-2007-2431 | 0.04 | — | 0.11 | May 2, 2007 | Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web… | |||
| CVE-2012-4237 | 0.03 | — | 0.00 | Aug 20, 2012 | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. | |||
| CVE-2010-2153 | 0.03 | — | 0.02 | Jun 3, 2010 | Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | |||
| CVE-2020-5750 | 0.00 | — | 0.01 | May 7, 2020 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||
| CVE-2020-5749 | 0.00 | — | 0.00 | May 7, 2020 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | |||
| CVE-2020-5751 | 0.00 | — | 0.00 | May 7, 2020 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | |||
| CVE-2020-5748 | 0.00 | — | 0.01 | May 7, 2020 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||
| CVE-2020-5745 | 0.00 | — | 0.00 | May 7, 2020 | Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||
| CVE-2020-5746 | 0.00 | — | 0.00 | May 7, 2020 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||
| CVE-2020-5743 | 0.00 | — | 0.00 | May 7, 2020 | Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | |||
| CVE-2020-5744 | 0.00 | — | 0.00 | May 7, 2020 | Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | |||
| CVE-2020-5747 | 0.00 | — | 0.00 | May 7, 2020 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||
| CVE-2012-4238 | 0.00 | — | 0.00 | Aug 20, 2012 | Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. | |||
| CVE-2011-3806 | 0.00 | — | 0.00 | Sep 24, 2011 | TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | |||
| CVE-2007-6288 | 0.00 | — | 0.00 | Dec 10, 2007 | Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
- CVE-2007-2430May 2, 2007risk 0.04cvss —epss 0.09
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.
- CVE-2007-2431May 2, 2007risk 0.04cvss —epss 0.11
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web…
- CVE-2012-4237Aug 20, 2012risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
- CVE-2010-2153Jun 3, 2010risk 0.03cvss —epss 0.02
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.
- CVE-2020-5750May 7, 2020risk 0.00cvss —epss 0.01
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
- CVE-2020-5749May 7, 2020risk 0.00cvss —epss 0.00
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
- CVE-2020-5751May 7, 2020risk 0.00cvss —epss 0.00
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
- CVE-2020-5748May 7, 2020risk 0.00cvss —epss 0.01
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
- CVE-2020-5745May 7, 2020risk 0.00cvss —epss 0.00
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
- CVE-2020-5746May 7, 2020risk 0.00cvss —epss 0.00
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
- CVE-2020-5743May 7, 2020risk 0.00cvss —epss 0.00
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
- CVE-2020-5744May 7, 2020risk 0.00cvss —epss 0.00
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
- CVE-2020-5747May 7, 2020risk 0.00cvss —epss 0.00
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
- CVE-2012-4238Aug 20, 2012risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.
- CVE-2011-3806Sep 24, 2011risk 0.00cvss —epss 0.00
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
- CVE-2007-6288Dec 10, 2007risk 0.00cvss —epss 0.00
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.