CVE-2007-2430

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2430
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/25008
http://sourceforge.net/forum/forum.php?forum_id=690912 Patch
http://www.attrition.org/pipermail/vim/2007-May/001571.html
http://www.securityfocus.com/bid/23705
http://www.vupen.com/english/advisories/2007/1583
https://exchange.xforce.ibmcloud.com/vulnerabilities/33958
https://www.exploit-db.com/exploits/3816
http://secunia.com/advisories/25008
http://sourceforge.net/forum/forum.php?forum_id=690912 Patch
http://www.attrition.org/pipermail/vim/2007-May/001571.html
http://www.securityfocus.com/bid/23705
http://www.vupen.com/english/advisories/2007/1583
https://exchange.xforce.ibmcloud.com/vulnerabilities/33958
https://www.exploit-db.com/exploits/3816
Configurations

Configuration 1 (hide)

cpe:2.3:a:tecnick.com:tcexam:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://secunia.com/advisories/25008 - () http://secunia.com/advisories/25008 -
References () http://sourceforge.net/forum/forum.php?forum_id=690912 - Patch () http://sourceforge.net/forum/forum.php?forum_id=690912 - Patch
References () http://www.attrition.org/pipermail/vim/2007-May/001571.html - () http://www.attrition.org/pipermail/vim/2007-May/001571.html -
References () http://www.securityfocus.com/bid/23705 - () http://www.securityfocus.com/bid/23705 -
References () http://www.vupen.com/english/advisories/2007/1583 - () http://www.vupen.com/english/advisories/2007/1583 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33958 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/33958 -
References () https://www.exploit-db.com/exploits/3816 - () https://www.exploit-db.com/exploits/3816 -
Information

Published : 2007-05-02 00:19

Updated : 2025-04-09 00:30

NVD link : CVE-2007-2430

Mitre link : CVE-2007-2430

CVE.ORG link : CVE-2007-2430

JSON object : View

Products Affected

tecnick.com

  • tcexam
CWE
NVD-CWE-Other