Vulnerabilities > CVE-2007-2430 - Remote PHP Code Execution vulnerability in TCExam SessionUserLang

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
COMPLETE
Availability impact
NONE
network
low complexity
tecnick-com
exploit available

Summary

shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.

Vulnerable Configurations

Part Description Count
Application
Tecnick.Com
1

Exploit-Db

descriptionTCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit. CVE-2007-2430,CVE-2007-2431. Webapps exploit for php platform
fileexploits/php/webapps/3816.php
idEDB-ID:3816
last seen2016-01-31
modified2007-04-29
platformphp
port
published2007-04-29
reporterrgod
sourcehttps://www.exploit-db.com/download/3816/
titleTCExam <= 4.0.011 SessionUserLang Shell Injection Exploit
typewebapps