News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
TCExam PHP Code Execution and Cross-Site Scripting
May 01, 2007 @ 14:18:00

TCExam users will definitely want to pay attention to this latest advisory posted by Secunia detailing a PHP code execution and cross-site scripting issue that's been found:

rgod has discovered two vulnerabilities in TCExam, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

The two issues is related to two different inpus not being handled properly - the mishandling of the SessionUserLang cookie and the _SERVER[SCRIPT_NAME] value. Neither of these are being sanitized.

This issue effects users of the TCExam 4.x series but a new version, 4.1.000, has already been released and made available for download.

0 comments voice your opinion now!
tcexam crosssitescripting xss execution sanitize tcexam crosssitescripting xss execution sanitize


blog comments powered by Disqus

Similar Posts

PHP Magazine: SuSE - New PHP Packages Fix XSS and Information Leak

SitePoint PHP Blog: A pro-PHP Rant

PHP Security Blog: phpBB exploit in the wild

Pádraic Brady's Blog: XSS in PHP (Part 1): How Not to Use Htmlspecialchars

Secunis.com: Travelsized CMS index.php Cross-Site Scripting Vulnerabilities


Community Events

Don't see your event here?
Let us know!


configure php7 performance introduction laravel podcast symfony2 language example community voicesoftheelephpant release conference part2 interview opinion framework series application api

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework