Vulnerabilities

CVE-2007-2431

by Fred · 01/05/2007

Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.

Date published : 2007-05-01

http://www.securityfocus.com/bid/23704

http://sourceforge.net/forum/forum.php?forum_id=690912

Similar

Tags: Cybersecurity Alert