PT-2010-3763 · Tcexam · Tcexam

John Leitch +1 · Published 2010-06-03 · Updated 2010-06-04 · CVE-2010-2153

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TCExam versions 10.1.006 through 10.1.007

Description

The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension through admin/code/tce_functions_tcecode_editor.php, then accessing it via a direct request to the file in cache/.

Recommendations

For versions 10.1.006 and 10.1.007, consider restricting access to the tce_functions_tcecode_editor.php file to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict access to the cache directory to minimize the risk of exploitation.


Related Identifiers

CVE-2010-2153

Affected Products

Tcexam