Description

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.

Remediation

References

CVE-2012-4601

Related Vulnerabilities

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33325)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.19)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12823)

Joomla! Core Cross-Site Scripting (1.6.0 - 3.8.8)

MyBB CVE-2006-0218 Vulnerability (CVE-2006-0218)

Severity

Medium

Classification

CVE-2012-4601 CWE-138

Tags

Missing Update Known Vulnerabilities