TCExam Cross-Site Scripting and SQL Injection Vulnerabilities
Description
High-Tech Bridge has discovered multiple vulnerabilities in TCExam, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
1) Input passed to the "cid" and "uids" parameters in admin/code/tce_select_users_popup.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via the "user_groups[]" parameter to admin/code/tce_edit_test.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are confirmed in version 11.3.008. Prior versions may also be affected.
