CVE-2012-4237

TCExam < 11.3.008 - Authenticated SQL Injection via subject_module_id Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4237. PoCs published by Chris Cooper.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in TCExam versions prior to 11.3.008, where the 'subject_module_id' parameter in 'tce_edit_question.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Description

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Chris Cooper · text · webapps · php
https://www.exploit-db.com/exploits/37585

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: TCExam < 11.3.008
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026

exploitdb WRITEUP VERIFIED
by Chris Cooper · text · webapps · php
https://www.exploit-db.com/exploits/37584

The provided text describes SQL injection vulnerabilities in TCExam versions prior to 11.3.008, specifically in the 'tce_edit_answer.php' endpoint via the 'subject_module_id' and 'question_subject_id' parameters. It lacks functional exploit code but provides technical details about the vulnerability.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TCExam < 11.3.008
Auth required
Prerequisites: Access to the vulnerable TCExam endpoint · Valid authentication credentials
devstral-2 · analyzed Feb 18, 2026

References (7)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54861
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50141
Release Notes x_refsource_confirm
http://freecode.com/projects/tcexam/releases/347125
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/13/8

Scores

EPSS 0.0239
EPSS Percentile 81.8%

Details

CWE: CWE-89
Status: published
Products (50)
tecnick/tcexam 10.1.000
tecnick/tcexam 10.1.001
tecnick/tcexam 10.1.002
tecnick/tcexam 10.1.003
tecnick/tcexam 10.1.004
tecnick/tcexam 10.1.005
tecnick/tcexam 10.1.006
tecnick/tcexam 10.1.007
tecnick/tcexam 10.1.008
tecnick/tcexam 10.1.009
... and 40 more
Published Aug 20, 2012
Tracked Since Feb 18, 2026