SQL Injection in Tecnick Tcexam

CVE-2012-4237

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) t…

Vulnerability class: SQL Injection

EPSS: 0.005 (64.7th percentile) — read the EPSS interpretation.

Affected products

Tecnick Tcexam — versions 10.1.000, 10.1.001, 10.1.002
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

54861 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
20120814 TCExam Edit SQL Injection (mailing-list, Exploit, x_refsource_BUGTRAQ)
50141 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
[oss-security] 20120813 TCExam Edit SQL Injection (mailing-list, x_refsource_MLIST)