Vulnerability in Tecnick.com Tcexam
CVE-2007-2430
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.
EPSS: 0.037 (88.4th percentile) — read the EPSS interpretation.
Affected products
- Tecnick.com Tcexam
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (mailing-list, x_refsource_VIM)