CVE-2010-2153

TCExam 10.1.7 - '/admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-06-02 First Exploit
  • 2010-06-03 CVE Reserved
  • 2010-06-03 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Tecnick | Tcexam | 10.1.006 | - | Affected
Tecnick | Tcexam | 10.1.007 | - | Affected