CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CERT-PLCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
tecnicktcexam
𝑥
< 15.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/en/posts/2024/01/CVE-2023-6554/
https://cert.pl/posts/2024/01/CVE-2023-6554/
https://tcexam.org/
https://cert.pl/en/posts/2024/01/CVE-2023-6554/
https://cert.pl/posts/2024/01/CVE-2023-6554/
https://tcexam.org/