CVE-2023-6554

EUVD-2023-58783
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
tecnicktcexam
𝑥
< 15.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/en/posts/2024/01/CVE-2023-6554/
https://cert.pl/posts/2024/01/CVE-2023-6554/
https://tcexam.org/
https://cert.pl/en/posts/2024/01/CVE-2023-6554/
https://cert.pl/posts/2024/01/CVE-2023-6554/
https://tcexam.org/