Описание
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.011 (включая)
cpe:2.3:a:tecnick.com:tcexam:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12966
Средний
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
EPSS
Процентиль: 94%
0.12966
Средний
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other