cbcvebase.
CVE-2007-2431
published 2007-05-02

CVE-2007-2431: Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting…

PriorityP429medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
5.10%
91.3th percentile
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
tecnick.comtcexam<= 4.0.011
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.