Description

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

Remediation

References

CVE-2012-4237

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6929)

MySQL CVE-2022-21412 Vulnerability (CVE-2022-21412)

OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0290)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Cross-Site Scripting (1.3.6.2)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3092)

Severity

Medium

Classification

CVE-2012-4237 CWE-138

Tags

Missing Update Known Vulnerabilities