FKIE_CVE-2012-4237

Vulnerability from fkie_nvd - Published: 2012-08-20 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2012-08/0079.htmlExploit
cve@mitre.orghttp://freecode.com/projects/tcexam/releases/347125
cve@mitre.orghttp://secunia.com/advisories/50141Vendor Advisory
cve@mitre.orghttp://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2012/08/13/8
cve@mitre.orghttp://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.htmlExploit
cve@mitre.orghttp://www.securityfocus.com/bid/54861Exploit
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://freecode.com/projects/tcexam/releases/347125
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50141Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/08/13/8
af854a3a-2127-422b-91ae-364da2661108http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54861Exploit
Impacted products
Vendor Product Version
tecnick tcexam *
tecnick tcexam 10.1.000
tecnick tcexam 10.1.001
tecnick tcexam 10.1.002
tecnick tcexam 10.1.003
tecnick tcexam 10.1.004
tecnick tcexam 10.1.005
tecnick tcexam 10.1.006
tecnick tcexam 10.1.007
tecnick tcexam 10.1.008
tecnick tcexam 10.1.009
tecnick tcexam 10.1.010
tecnick tcexam 10.1.011
tecnick tcexam 10.1.012
tecnick tcexam 10.1.013
tecnick tcexam 11.0.000
tecnick tcexam 11.0.001
tecnick tcexam 11.0.002
tecnick tcexam 11.0.003
tecnick tcexam 11.0.004
tecnick tcexam 11.0.005
tecnick tcexam 11.0.006
tecnick tcexam 11.0.007
tecnick tcexam 11.0.008
tecnick tcexam 11.0.009
tecnick tcexam 11.0.010
tecnick tcexam 11.0.011
tecnick tcexam 11.0.012
tecnick tcexam 11.0.013
tecnick tcexam 11.0.014
tecnick tcexam 11.0.015
tecnick tcexam 11.0.016
tecnick tcexam 11.1.000
tecnick tcexam 11.1.001
tecnick tcexam 11.1.002
tecnick tcexam 11.1.003
tecnick tcexam 11.1.004
tecnick tcexam 11.1.005
tecnick tcexam 11.1.006
tecnick tcexam 11.1.007
tecnick tcexam 11.1.008
tecnick tcexam 11.1.009
tecnick tcexam 11.1.010
tecnick tcexam 11.1.011
tecnick tcexam 11.1.012
tecnick tcexam 11.1.013
tecnick tcexam 11.1.014
tecnick tcexam 11.1.015
tecnick tcexam 11.1.016
tecnick tcexam 11.1.017
tecnick tcexam 11.1.018
tecnick tcexam 11.1.019
tecnick tcexam 11.1.020
tecnick tcexam 11.1.021
tecnick tcexam 11.1.022
tecnick tcexam 11.1.023
tecnick tcexam 11.1.024
tecnick tcexam 11.1.025
tecnick tcexam 11.1.026
tecnick tcexam 11.1.027
tecnick tcexam 11.1.028
tecnick tcexam 11.1.029
tecnick tcexam 11.1.030
tecnick tcexam 11.1.031
tecnick tcexam 11.2.000
tecnick tcexam 11.2.001
tecnick tcexam 11.2.002
tecnick tcexam 11.2.003
tecnick tcexam 11.2.004
tecnick tcexam 11.2.005
tecnick tcexam 11.2.006
tecnick tcexam 11.2.007
tecnick tcexam 11.2.008
tecnick tcexam 11.2.010
tecnick tcexam 11.2.011
tecnick tcexam 11.2.012
tecnick tcexam 11.2.013
tecnick tcexam 11.2.014
tecnick tcexam 11.2.015
tecnick tcexam 11.2.016
tecnick tcexam 11.2.017
tecnick tcexam 11.2.018
tecnick tcexam 11.2.020
tecnick tcexam 11.2.021
tecnick tcexam 11.2.022
tecnick tcexam 11.2.023
tecnick tcexam 11.2.025
tecnick tcexam 11.2.026
tecnick tcexam 11.2.027
tecnick tcexam 11.2.028
tecnick tcexam 11.2.029
tecnick tcexam 11.2.030
tecnick tcexam 11.2.031
tecnick tcexam 11.2.032
tecnick tcexam 11.3.000
tecnick tcexam 11.3.001
tecnick tcexam 11.3.002
tecnick tcexam 11.3.003
tecnick tcexam 11.3.004
tecnick tcexam 11.3.005
tecnick tcexam 11.3.006
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D1E543-55AC-4488-AEF6-BAF17C428A75",
              "versionEndIncluding": "11.3.007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "7287E93F-9B5A-4A4F-A0F3-BA61F229337D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE304D45-FE2F-4B44-A74F-89EDD949E08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.002:*:*:*:*:*:*:*",
              "matchCriteriaId": "4659BFFA-C0D4-4157-9FE9-95E75DF98DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "06774079-FBA2-4CFB-952E-F9D6EBC99E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "3632C110-123E-42FB-B885-86AC0496A840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.005:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0E7752-888C-4103-BA46-0688A6940FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBCCBE8-6E31-4214-A8F2-7740CF8CFC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.007:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E43A8F-11C8-475A-B278-E66BD2D0BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.008:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEFF0BC-3282-4EEC-B648-D7FB66687A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.009:*:*:*:*:*:*:*",
              "matchCriteriaId": "2820AE77-E25C-4DBD-B26A-00A5F4190AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C7E4A66-24A5-441B-BCFA-1BF795E842EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D047F5-C69A-4E0D-8BF8-23FE201FBB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "7842126B-A64F-41A0-A4B5-E52CF552CFBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:10.1.013:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E25193-4968-40FE-BA54-2C0E25DB0F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "513E6FB7-1B5B-4F5D-8F36-508C2472715F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D89D08-EECF-4C81-9E94-911B1A2370D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.002:*:*:*:*:*:*:*",
              "matchCriteriaId": "6726BE74-A015-4936-B5B9-85EA080222C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AC229D-0885-45D3-A780-C29E21663D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE5A37B-6EC8-4790-AA80-4F1948B657FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.005:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DBF0674-291C-4793-8CBA-A0B2C09BD0BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC62D410-2928-489D-B297-9EC831A1C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC254B57-3DAB-4EDE-A852-627AEDBC7AFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.008:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DD2B624-838B-4832-9965-1DBB876F5A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.009:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFF2AAB-59BB-4ED7-AC95-44C96DB1080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "115D55DB-8751-41B3-A600-78519A460650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD38E1D-F056-4882-848C-58173731AA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7B398D-9665-4DF8-9099-F0DA551E0948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.013:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B37604-4480-436B-B159-0A947A1BAC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.014:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF176B7-EF7E-43FB-8F92-BD6112FD1009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.015:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A4527-F17F-4C2A-B3CE-58059903C091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.0.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C26608-F7C4-4809-AA66-E03DEBC9E858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "391AF446-5D84-41DE-A102-F17E2674DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "40AB17EC-85A6-431D-A104-0592FD83DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.002:*:*:*:*:*:*:*",
              "matchCriteriaId": "1457CD43-32D3-4A07-AE32-863661002BE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C75386-A50D-48CF-8127-221B9BB8A405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "1947F0AC-4542-43C3-A7CA-268E8981CFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.005:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A6F355-E90C-45F5-924A-2E273C17A77A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3C3DED-3F50-450F-89B5-4D926FAB7B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.007:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7D7F46-F2FA-41E0-BCD3-0B32CC64F657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.008:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFF8EC6-6ADA-4B8A-ACE6-4F00107F2D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.009:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E643379-E31F-4C0C-92EB-C347D668191D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC974BF-33A5-4F6A-AF65-40E9A56DDCC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "249FE485-F3CD-45C7-8B21-786F6D50851A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "628F72CC-306E-4CF8-9E8D-15CA2482D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.013:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E1468-0680-4CB2-8675-4722A8560607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.014:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DECE89-EF33-49AC-869F-C3094596A451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.015:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE2FF621-4ABC-4C9A-82A3-8151BADE4810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECCD319-5F1C-4F47-867D-F12925E9AB49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.017:*:*:*:*:*:*:*",
              "matchCriteriaId": "33BF558B-6E25-4A19-A794-5ED34E110B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.018:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC31BE4-D779-400A-BFAE-99F2EE4AE094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.019:*:*:*:*:*:*:*",
              "matchCriteriaId": "D15CD910-BE87-4BA0-B7A7-BC36D8C48EF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C1FC6-02C3-4BC5-9A37-6B66F4326CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.021:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E218333-6250-484A-8829-3649CC1863C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.022:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACF3998-A87D-4F00-846D-3698BD709B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.023:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD3F95E-0212-4E82-86C4-5771EA5E623A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.024:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBC784A-4418-4B71-BB80-291B10063ACF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.025:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B4FEEA-1BEC-4911-86E3-0AE963ADE644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.026:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95867CE-CC40-4437-95CE-FE48F12857FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.027:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FCB6DF-4F02-4708-B256-4D28EEED7F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.028:*:*:*:*:*:*:*",
              "matchCriteriaId": "01EA4845-0D85-4B97-A845-9F219E3964AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.029:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05DADC0-C60C-40DA-972E-7A49A499F620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BB8A45-6110-4EFD-84EF-CEF631AED597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.1.031:*:*:*:*:*:*:*",
              "matchCriteriaId": "18884A2F-9BAD-4EEC-89CC-0BB7F4AEF187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "690F53C2-AACF-4E4E-AECE-E704ABBE13DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "E663B808-656C-4BB5-B3BB-552646FEE34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.002:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F23425-542D-4F24-A333-8F145C4F3D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1051C25-22AA-46DE-95F7-E6BC2CD6132D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F962B2-C68F-439A-A20C-D57D846A70C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.005:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A75BABD-BE4F-4F7E-AFF4-1967B0B1BF9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7509949-207F-4938-B376-949C973AC1DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.007:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9A489B-E4DD-4179-893D-48E929CAFAFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.008:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47C0F2F-1EE3-404A-A003-C8F9F506C6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF152B01-2906-4E6A-81BD-AF4F603E7BE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB435B6A-DA82-47DF-AED0-FEF11B62FA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A110C7-C934-4A91-AD58-FC57C95392EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.013:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CCEFB5C-421C-4438-AC97-6EB36B69384A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.014:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4A8FA-E94E-42BF-B6EB-18756A1EE127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.015:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3E7D7F-595E-44ED-8D4A-006E01860227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "023D3754-DE1A-4CEC-929C-E54351CBBAB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.017:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E394EA4-EC91-4DEC-815E-8AEE71523267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.018:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA482C25-3273-42D6-950F-B11148493278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "67EA2A64-D0AA-4CAE-AF82-DC38AAE5FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.021:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F53E4CF-2607-4C32-99B2-23BF8E77FCBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.022:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE3FBC4C-BB09-4BCF-B1BA-D9FF8E8CD08C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.023:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4779BD-CA13-4FC3-BFF1-0ACC4F5BAF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.025:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D1F95-ADC0-4D5D-A59E-AEFAE982A082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.026:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B1398A-AA5A-4F8E-8A8A-3F009E1199D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.027:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4630664-A1B7-4836-9C73-A04346A63CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.028:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B81BA0A-B5C3-4A3B-BE42-7A1ACA79A7D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.029:*:*:*:*:*:*:*",
              "matchCriteriaId": "2527DDB7-0974-4A7D-A9C4-D9EC93E6BFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D55F344-2EF0-42D8-8E10-010E86367D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.031:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17E462-7D75-4143-BCF1-D42D3B16D8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.2.032:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A173A8C-54E9-444C-BB55-4497BD30DE90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC938ABF-E674-4F51-BDD1-D73FBEEA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B1E4F3-B02C-4CC1-93DF-425E964513D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9FEF84-F788-45F4-AE6A-C9E9824BAD09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "353980D7-1E19-43E9-BDBF-77EA3DC87917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB08D03E-740C-4F91-A3A3-BE439AF1981C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.005:*:*:*:*:*:*:*",
              "matchCriteriaId": "15FDBDB6-23E8-4498-BAD4-C1987D24B15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tecnick:tcexam:11.3.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "49497479-5A67-4565-8506-5151D2990FAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades inyecci\u00f3n de c\u00f3digo SQL en TCExam anterior a v11.3.008 permite a usuarios remotos autenticados con nivel 5 o permisos superiores ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro subject_module_id en (1) tce_edit_answer.php o (2) tce_edit_question.php."
    }
  ],
  "id": "CVE-2012-4237",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-20T20:55:03.893",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://freecode.com/projects/tcexam/releases/347125"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50141"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/13/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/54861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://freecode.com/projects/tcexam/releases/347125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/13/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/54861"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.