Tcexam · Tcexam · CVE-2010-2153
**Name of the Vulnerable Software and Affected Versions**
TCExam versions 10.1.006 through 10.1.007
**Description**
The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension through `admin/code/tce_functions_tcecode_editor.php`, then accessing it via a direct request to the file in `cache/`.
**Recommendations**
For versions 10.1.006 and 10.1.007, consider restricting access to the `tce_functions_tcecode_editor.php` file to prevent unauthorized file uploads until a patch is available.
As a temporary workaround, restrict access to the cache directory to minimize the risk of exploitation.
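
Alongside the workaround, an administrator can check whether `cache/` already holds files the web server could execute. The script below is an added example, not part of the original advisory or of TCExam; the extension list and the default `cache` path are assumptions to adjust for the actual server.

```python
"""Added example: audit a TCExam cache/ directory for server-executable files."""
import os
import sys

# Assumption: extensions a typical PHP-enabled web server may execute.
# Adjust to match the handlers configured on your server.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phar",
    "pl", "py", "cgi", "sh", "asp", "aspx", "jsp",
}


def executable_suffixes(filename):
    """Return the executable extensions found anywhere in the file name.

    Every dot-separated suffix is checked, not only the last one, because
    some server configurations map handlers on inner extensions too
    (for example "report.php.txt").
    """
    parts = filename.lower().split(".")[1:]
    return [p for p in parts if p in EXECUTABLE_EXTENSIONS]


def audit_cache(cache_dir):
    """Walk cache_dir and return sorted (relative_path, extensions) findings."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            hits = executable_suffixes(name)
            if hits:
                rel = os.path.relpath(os.path.join(root, name), cache_dir)
                findings.append((rel, hits))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical default path; pass the real cache/ location as argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "cache"
    results = audit_cache(target)
    for path, exts in results:
        print(f"SUSPICIOUS {path} (executable extension: {', '.join(exts)})")
    # Non-zero exit lets a cron job or monitoring check raise an alert.
    sys.exit(1 if results else 0)
```

Run it with the path to the installation's `cache/` directory as the only argument; an exit status of 1 means at least one file needs review.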