|
Description
|
|
Reaction Information Security has reported some vulnerabilities in TCExam, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
1) Input passed via multiple parameters to multiple scripts is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
List of affected scripts and parameters:
<a href="http://[host]/admin/code/tce_edit_answer.php?subject_module_id
" target="_blank">http://[host]/admin/code/tce_edi...swer.php?subject_module_id
</a>
<a href="http://[host]/admin/code/tce_edit_answer.php?question_subject_id
" target="_blank">http://[host]/admin/code/tce_edi...er.php?question_subject_id
</a>
<a href="http://[host]/admin/code/tce_edit_question.php?subject_module_id
" target="_blank">http://[host]/admin/code/tce_edi...tion.php?subject_module_id
</a>
2) Input passed via the "question_subject_id" parameter to admin/code/tce_edit_answer.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in versions prior to 11.3.008.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
TCExam 11.x
|
|
|
|
|
|
Solution
|
|
Update to version 11.3.008.
|
|
|
|
|
|
CVE
|
|
CVE-2012-4238
CVE-2012-4237
|
|
|
|
|
|
References
|
|
TCExam:
http://freecode.com/projects/tcexam/releases/347125
http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam
h=edf6e08622642f1b2421f4355d98250d9e1b0742
Reaction Information Security:
http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html
http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
