NVD

Id
45972  
Name
CVE-2012-4601  
Description
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-11-23  
Modified Date
2012-11-26  
Seq
2012-4601  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
230947 45972 CVE-2012-4601 http://freecode.com/projects/tcexam/releases/347588  View
230948 45972 CVE-2012-4601 http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view  View
230949 45972 CVE-2012-4601 http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971  View
230950 45972 CVE-2012-4601 https://www.htbridge.com/advisory/HTB23111  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29807 JVNDB-2012-005514 Nicola Asuni TCExam における SQL インジェクションの脆弱性 Nicola Asuni TCExam には、SQL インジェクションの脆弱性が存在します。 CVE-2012-4601 57839 CVE-2012-4601 45972 6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005514.html 2012-11-23 2012-11-27 View