CVE-2007-2431

Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.

Published: May 2, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2431
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
tecnick.com / tcexam	-	4.0.011.x

http://secunia.com/advisories/25008
http://sourceforge.net/forum/forum.php?forum_id=690912
http://www.attrition.org/pipermail/vim/2007-May/001572.html
http://www.securityfocus.com/bid/23704
https://exchange.xforce.ibmcloud.com/vulnerabilities/33957
https://www.exploit-db.com/exploits/3816

Vulnerability Database

291,049

CVE-2007-2431