← back
CVE-2007-2431

CVE-2007-2431

EPSS 5.1%
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/3816unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/25008https://exchange.xforce.ibmcloud.com/vulnerabilities/33957http://sourceforge.net/forum/forum.php?forum_id=690912https://www.exploit-db.com/exploits/3816http://www.attrition.org/pipermail/vim/2007-May/001572.htmlhttp://www.securityfocus.com/bid/23704