
Nicola Asuni

#39878 of 53,640
6.8 CVSS total
Vulnerabilities · 1
PT-2010-3763
6.8
2010-06-03
Tcexam · Tcexam · CVE-2010-2153
**Name of the Vulnerable Software and Affected Versions**
TCExam versions 10.1.006 through 10.1.007

**Description**
The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `admin/code/tce_functions_tcecode_editor.php` file, then accessing it via a direct request to the file in `cache/`.

**Recommendations**
For versions 10.1.006 and 10.1.007, consider restricting access to the `tce_functions_tcecode_editor.php` file to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict access to the cache directory to minimize the risk of exploitation.