Every CVE whose affected-product data names Tecnick Tcexam, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2021-20114 — CVSS 7.5 (high): When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/…
CVE-2020-5745 — CVSS 7.4 (high): Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users…
CVE-2010-2153 — CVSS 6.8 (medium): Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote…
CVE-2012-4237 — CVSS 6.8 (medium): Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to…
CVE-2023-6554 — CVSS 6.5 (medium): When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any…
CVE-2021-20116 — CVSS 6.1 (medium): A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in…
CVE-2020-5748 — CVSS 6.1 (medium): Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting…
CVE-2021-20115 — CVSS 6.1 (medium): A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in…
CVE-2020-5750 — CVSS 6.1 (medium): Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting…
CVE-2012-4601 — CVSS 6.0 (medium): Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater…
CVE-2021-20112 — CVSS 5.4 (medium): A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename…
CVE-2020-5746 — CVSS 5.4 (medium): Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS)…
CVE-2020-5747 — CVSS 5.4 (medium): Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS)…
CVE-2020-5749 — CVSS 5.4 (medium): Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS)…
CVE-2020-5751 — CVSS 5.4 (medium): Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS)…
CVE-2021-20111 — CVSS 5.4 (medium): A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename…
CVE-2021-20113 — CVSS 5.3 (medium): An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address…
CVE-2011-3806 — CVSS 5.0 (medium): TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation…
CVE-2020-5744 — CVSS 4.9 (medium): Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
CVE-2020-5743 — CVSS 4.3 (medium): Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they…
CVE-2012-4602 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow…
CVE-2012-4238 — CVSS 2.1 (low): Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with…