← Back

CVE-2012-4601

nvd nist
Published: Nov 23, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.

Affected (102)

Products: Tecnick: Tcexam
Tecnick
1 product
Tcexam
Configuration A
102 vulnerable
Vulnerable SoftwareAffected Versions
Tecnick
Tcexam
Up to 11.3.008
Tcexam
Version 10.1.000
Tcexam
Version 10.1.001
Tcexam
Version 10.1.002
Tcexam
Version 10.1.003
Tcexam
Version 10.1.004
Tcexam
Version 10.1.005
Tcexam
Version 10.1.006
Tcexam
Version 10.1.007
Tcexam
Version 10.1.008
Tcexam
Version 10.1.009
Tcexam
Version 10.1.010
Tcexam
Version 10.1.011
Tcexam
Version 10.1.012
Tcexam
Version 10.1.013
Tcexam
Version 11.0.000
Tcexam
Version 11.0.001
Tcexam
Version 11.0.002
Tcexam
Version 11.0.003
Tcexam
Version 11.0.004
Tcexam
Version 11.0.005
Tcexam
Version 11.0.006
Tcexam
Version 11.0.007
Tcexam
Version 11.0.008
Tcexam
Version 11.0.009
Tcexam
Version 11.0.010
Tcexam
Version 11.0.011
Tcexam
Version 11.0.012
Tcexam
Version 11.0.013
Tcexam
Version 11.0.014
Tcexam
Version 11.0.015
Tcexam
Version 11.0.016
Tcexam
Version 11.1.000
Tcexam
Version 11.1.001
Tcexam
Version 11.1.002
Tcexam
Version 11.1.003
Tcexam
Version 11.1.004
Tcexam
Version 11.1.005
Tcexam
Version 11.1.006
Tcexam
Version 11.1.007
Tcexam
Version 11.1.008
Tcexam
Version 11.1.009
Tcexam
Version 11.1.010
Tcexam
Version 11.1.011
Tcexam
Version 11.1.012
Tcexam
Version 11.1.013
Tcexam
Version 11.1.014
Tcexam
Version 11.1.015
Tcexam
Version 11.1.016
Tcexam
Version 11.1.017
Tcexam
Version 11.1.018
Tcexam
Version 11.1.019
Tcexam
Version 11.1.020
Tcexam
Version 11.1.021
Tcexam
Version 11.1.022
Tcexam
Version 11.1.023
Tcexam
Version 11.1.024
Tcexam
Version 11.1.025
Tcexam
Version 11.1.026
Tcexam
Version 11.1.027
Tcexam
Version 11.1.028
Tcexam
Version 11.1.029
Tcexam
Version 11.1.030
Tcexam
Version 11.1.031
Tcexam
Version 11.2.000
Tcexam
Version 11.2.001
Tcexam
Version 11.2.002
Tcexam
Version 11.2.003
Tcexam
Version 11.2.004
Tcexam
Version 11.2.005
Tcexam
Version 11.2.006
Tcexam
Version 11.2.007
Tcexam
Version 11.2.008
Tcexam
Version 11.2.010
Tcexam
Version 11.2.011
Tcexam
Version 11.2.012
Tcexam
Version 11.2.013
Tcexam
Version 11.2.014
Tcexam
Version 11.2.015
Tcexam
Version 11.2.016
Tcexam
Version 11.2.017
Tcexam
Version 11.2.018
Tcexam
Version 11.2.020
Tcexam
Version 11.2.021
Tcexam
Version 11.2.022
Tcexam
Version 11.2.023
Tcexam
Version 11.2.025
Tcexam
Version 11.2.026
Tcexam
Version 11.2.027
Tcexam
Version 11.2.028
Tcexam
Version 11.2.029
Tcexam
Version 11.2.030
Tcexam
Version 11.2.031
Tcexam
Version 11.2.032
Tcexam
Version 11.3.000
Tcexam
Version 11.3.001
Tcexam
Version 11.3.002
Tcexam
Version 11.3.003
Tcexam
Version 11.3.004
Tcexam
Version 11.3.005
Tcexam
Version 11.3.006
Tcexam
Version 11.3.007

Related CWEs

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.