Description
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) SQL Injection (6.3)
WordPress 4.6.x Denial of Service Vulnerability (4.6 - 4.6.10)
Moodle Improper Access Control Vulnerability (CVE-2015-2267)
WordPress Plugin PayPal for WooCommerce Security Bypass (1.5.7)
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)