CVE-2012-4237: SQL Injection
First published: Mon Aug 20 2012(Updated: )
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tcexam | <=11.3.007 | |
| Tcexam | =10.1.000 | |
| Tcexam | =10.1.001 | |
| Tcexam | =10.1.002 | |
| Tcexam | =10.1.003 | |
| Tcexam | =10.1.004 | |
| Tcexam | =10.1.005 | |
| Tcexam | =10.1.006 | |
| Tcexam | =10.1.007 | |
| Tcexam | =10.1.008 | |
| Tcexam | =10.1.009 | |
| Tcexam | =10.1.010 | |
| Tcexam | =10.1.011 | |
| Tcexam | =10.1.012 | |
| Tcexam | =10.1.013 | |
| Tcexam | =11.0.000 | |
| Tcexam | =11.0.001 | |
| Tcexam | =11.0.002 | |
| Tcexam | =11.0.003 | |
| Tcexam | =11.0.004 | |
| Tcexam | =11.0.005 | |
| Tcexam | =11.0.006 | |
| Tcexam | =11.0.007 | |
| Tcexam | =11.0.008 | |
| Tcexam | =11.0.009 | |
| Tcexam | =11.0.010 | |
| Tcexam | =11.0.011 | |
| Tcexam | =11.0.012 | |
| Tcexam | =11.0.013 | |
| Tcexam | =11.0.014 | |
| Tcexam | =11.0.015 | |
| Tcexam | =11.0.016 | |
| Tcexam | =11.1.000 | |
| Tcexam | =11.1.001 | |
| Tcexam | =11.1.002 | |
| Tcexam | =11.1.003 | |
| Tcexam | =11.1.004 | |
| Tcexam | =11.1.005 | |
| Tcexam | =11.1.006 | |
| Tcexam | =11.1.007 | |
| Tcexam | =11.1.008 | |
| Tcexam | =11.1.009 | |
| Tcexam | =11.1.010 | |
| Tcexam | =11.1.011 | |
| Tcexam | =11.1.012 | |
| Tcexam | =11.1.013 | |
| Tcexam | =11.1.014 | |
| Tcexam | =11.1.015 | |
| Tcexam | =11.1.016 | |
| Tcexam | =11.1.017 | |
| Tcexam | =11.1.018 | |
| Tcexam | =11.1.019 | |
| Tcexam | =11.1.020 | |
| Tcexam | =11.1.021 | |
| Tcexam | =11.1.022 | |
| Tcexam | =11.1.023 | |
| Tcexam | =11.1.024 | |
| Tcexam | =11.1.025 | |
| Tcexam | =11.1.026 | |
| Tcexam | =11.1.027 | |
| Tcexam | =11.1.028 | |
| Tcexam | =11.1.029 | |
| Tcexam | =11.1.030 | |
| Tcexam | =11.1.031 | |
| Tcexam | =11.2.000 | |
| Tcexam | =11.2.001 | |
| Tcexam | =11.2.002 | |
| Tcexam | =11.2.003 | |
| Tcexam | =11.2.004 | |
| Tcexam | =11.2.005 | |
| Tcexam | =11.2.006 | |
| Tcexam | =11.2.007 | |
| Tcexam | =11.2.008 | |
| Tcexam | =11.2.010 | |
| Tcexam | =11.2.011 | |
| Tcexam | =11.2.012 | |
| Tcexam | =11.2.013 | |
| Tcexam | =11.2.014 | |
| Tcexam | =11.2.015 | |
| Tcexam | =11.2.016 | |
| Tcexam | =11.2.017 | |
| Tcexam | =11.2.018 | |
| Tcexam | =11.2.020 | |
| Tcexam | =11.2.021 | |
| Tcexam | =11.2.022 | |
| Tcexam | =11.2.023 | |
| Tcexam | =11.2.025 | |
| Tcexam | =11.2.026 | |
| Tcexam | =11.2.027 | |
| Tcexam | =11.2.028 | |
| Tcexam | =11.2.029 | |
| Tcexam | =11.2.030 | |
| Tcexam | =11.2.031 | |
| Tcexam | =11.2.032 | |
| Tcexam | =11.3.000 | |
| Tcexam | =11.3.001 | |
| Tcexam | =11.3.002 | |
| Tcexam | =11.3.003 | |
| Tcexam | =11.3.004 | |
| Tcexam | =11.3.005 | |
| Tcexam | =11.3.006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.html
- http://freecode.com/projects/tcexam/releases/347125
- http://secunia.com/advisories/50141
- http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742
- http://www.openwall.com/lists/oss-security/2012/08/13/8
- http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html
- http://www.securityfocus.com/bid/54861
- http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742
Frequently Asked Questions
What is the severity of CVE-2012-4237?
CVE-2012-4237 is classified as a high severity vulnerability due to its ability to allow remote authenticated users to execute arbitrary SQL commands.
How do I fix CVE-2012-4237?
To fix CVE-2012-4237, upgrade TCExam to version 11.3.008 or later to eliminate the SQL injection vulnerabilities.
What types of vulnerabilities does CVE-2012-4237 include?
CVE-2012-4237 includes multiple SQL injection vulnerabilities affecting tce_edit_answer.php and tce_edit_question.php.
Who is affected by CVE-2012-4237?
CVE-2012-4237 affects remote authenticated users with level 5 or greater permissions in TCExam versions before 11.3.008.
What is TCExam in relation to CVE-2012-4237?
TCExam is an online examination system that is impacted by CVE-2012-4237, which highlights security flaws that could be exploited.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tecnick
- canonical/tcexam
- version/tcexam/11.3.007
- version/tcexam/10.1.000
- version/tcexam/10.1.001
- version/tcexam/10.1.002
- version/tcexam/10.1.003
- version/tcexam/10.1.004
- version/tcexam/10.1.005
- version/tcexam/10.1.006
- version/tcexam/10.1.007
- version/tcexam/10.1.008
- version/tcexam/10.1.009
- version/tcexam/10.1.010
- version/tcexam/10.1.011
- version/tcexam/10.1.012
- version/tcexam/10.1.013
- version/tcexam/11.0.000
- version/tcexam/11.0.001
- version/tcexam/11.0.002
- version/tcexam/11.0.003
- version/tcexam/11.0.004
- version/tcexam/11.0.005
- version/tcexam/11.0.006
- version/tcexam/11.0.007
- version/tcexam/11.0.008
- version/tcexam/11.0.009
- version/tcexam/11.0.010
- version/tcexam/11.0.011
- version/tcexam/11.0.012
- version/tcexam/11.0.013
- version/tcexam/11.0.014
- version/tcexam/11.0.015
- version/tcexam/11.0.016
- version/tcexam/11.1.000
- version/tcexam/11.1.001
- version/tcexam/11.1.002
- version/tcexam/11.1.003
- version/tcexam/11.1.004
- version/tcexam/11.1.005
- version/tcexam/11.1.006
- version/tcexam/11.1.007
- version/tcexam/11.1.008
- version/tcexam/11.1.009
- version/tcexam/11.1.010
- version/tcexam/11.1.011
- version/tcexam/11.1.012
- version/tcexam/11.1.013
- version/tcexam/11.1.014
- version/tcexam/11.1.015
- version/tcexam/11.1.016
- version/tcexam/11.1.017
- version/tcexam/11.1.018
- version/tcexam/11.1.019
- version/tcexam/11.1.020
- version/tcexam/11.1.021
- version/tcexam/11.1.022
- version/tcexam/11.1.023
- version/tcexam/11.1.024
- version/tcexam/11.1.025
- version/tcexam/11.1.026
- version/tcexam/11.1.027
- version/tcexam/11.1.028
- version/tcexam/11.1.029
- version/tcexam/11.1.030
- version/tcexam/11.1.031
- version/tcexam/11.2.000
- version/tcexam/11.2.001
- version/tcexam/11.2.002
- version/tcexam/11.2.003
- version/tcexam/11.2.004
- version/tcexam/11.2.005
- version/tcexam/11.2.006
- version/tcexam/11.2.007
- version/tcexam/11.2.008
- version/tcexam/11.2.010
- version/tcexam/11.2.011
- version/tcexam/11.2.012
- version/tcexam/11.2.013
- version/tcexam/11.2.014
- version/tcexam/11.2.015
- version/tcexam/11.2.016
- version/tcexam/11.2.017
- version/tcexam/11.2.018
- version/tcexam/11.2.020
- version/tcexam/11.2.021
- version/tcexam/11.2.022
- version/tcexam/11.2.023
- version/tcexam/11.2.025
- version/tcexam/11.2.026
- version/tcexam/11.2.027
- version/tcexam/11.2.028
- version/tcexam/11.2.029
- version/tcexam/11.2.030
- version/tcexam/11.2.031
- version/tcexam/11.2.032
- version/tcexam/11.3.000
- version/tcexam/11.3.001
- version/tcexam/11.3.002
- version/tcexam/11.3.003
- version/tcexam/11.3.004
- version/tcexam/11.3.005
- version/tcexam/11.3.006