Aggregates CVE and security vulnerability intelligence across all tecnick-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk sql injection, and vendor risk path handling; exposure may include vendor impact session compromise in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-4238 | Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. | [email protected] | 2.1 | 0.18% | 2012-08-20 | 2026-04-29 |
| CVE-2012-4237 | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. | [email protected] | 6.8 | 0.46% | 2012-08-20 | 2026-04-29 |
| CVE-2011-3806 | TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | [email protected] | 5.0 | 0.33% | 2011-09-24 | 2026-04-29 |
| CVE-2010-2153 | Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | [email protected] | 6.8 | 1.65% | 2010-06-03 | 2026-04-29 |
| CVE-2009-4747 | PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. | [email protected] | 7.5 | 3.08% | 2010-03-26 | 2026-04-29 |
| CVE-2009-3220 | PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | [email protected] | 7.5 | 2.23% | 2009-09-16 | 2026-04-23 |