CVE-2010-2153

Name of the Vulnerable Software and Affected Versions TCExam versions 10.1.006 through 10.1.007

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the admin/code/tce functions tcecode editor.php file, then accessing it via a direct request to the file in cache/.

Recommendations For versions 10.1.006 and 10.1.007, consider restricting access to the tce functions tcecode editor.php file to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict access to the cache directory to minimize the risk of exploitation.