Description

Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.

Remediation

References

CVE-2010-2153

Related Vulnerabilities

MySQL CVE-2014-0386 Vulnerability (CVE-2014-0386)

WordPress Plugin WordPress Download Manager Unspecified Vulnerability (2.9.96)

Oracle HTTP Server Other Vulnerability (CVE-2006-5348)

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (2.0.2)

PHP Numeric Errors Vulnerability (CVE-2015-2331)

Severity

Medium

Classification

CVE-2010-2153

Tags

Missing Update Known Vulnerabilities