cbcvebase.
CVE-2012-4601
published 2012-11-23

CVE-2012-4601: Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute…

PriorityP432medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
1.56%
72.1th percentile
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.

Affected

102 ranges· showing 25
VendorProductVersion rangeFixed in
tecnicktcexam<= 11.3.008
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
tecnicktcexam
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.