Multiple Vulnerabilities in TCExam
Critical
Synopsis
CVE-2021-20111 - Stored Cross Site Scripting Vulnerability in tce_filemanager.php
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious JavaScript payload, which would be triggered when another user views the file (either via tce_filemanager.php, other pages which allow the viewing of files, or via direct link).
CVE-2021-20112 - Stored Cross Site Scripting Vulnerability in tce_select_mediafile.php
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious JavaScript payload, which would be triggered when another user views the file (either via tce_select_mediafile.php, other pages which allow the viewing of files, or via direct link).
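A defender-side audit for the two stored XSS issues above (CVE-2021-20111 and CVE-2021-20112), as an added example that is not part of the advisory or of TCExam's code: it walks an upload directory, lists files whose names begin with a period, and flags those whose leading bytes contain HTML or script markup. The directory layout, the `ignore` parameter, the markup heuristic and the sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Markup that matters if a file is served as text/html (triage heuristic, not a sanitizer).
ACTIVE_MARKUP = re.compile(rb"<\s*(script|iframe|svg|img|object|embed)\b|javascript:", re.I)


def audit_upload_dir(root, ignore=frozenset(), sniff_bytes=65536):
    """Return sorted (relative_path, has_markup) for each dot-prefixed file under root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not name.startswith(".") or name in ignore:
                continue
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            with open(path, "rb") as fh:
                head = fh.read(sniff_bytes)
            rel = os.path.relpath(path, root)
            findings.append((rel, bool(ACTIVE_MARKUP.search(head))))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed upload directory (sample data, not from the advisory)."""
    root = tempfile.mkdtemp(prefix="upload_audit_")
    os.mkdir(os.path.join(root, "sub"))
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n",                      # normal name: not reported
        ".htaccess": b"Options -Indexes\n",                     # excluded via ignore
        ".thumb.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",  # dotfile, no markup
        ".note.png": b"<script>console.log('constructed')</script>",
        os.path.join("sub", ".clip.mp3"): b"<svg onload=\"console.log(1)\"></svg>",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, has_markup in audit_upload_dir(build_sample_tree(), ignore={".htaccess"}):
        print(("REVIEW-MARKUP" if has_markup else "REVIEW-NAME  "), rel)
```

Every reported name is worth reviewing, since the advisory's condition is the leading period alone; the markup flag only prioritises which files to open first.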
CVE-2021-20113 - Unauthenticated User Enumeration
CVE-2021-20114 - Unauthenticated Access to Sensitive Objects via /cache/backup/
Among other things, these backup files contain usernames, password hashes and other user information that was supplied on signup.