CVE-2023-6554

MEDIUM

TCExam < 15.1.0 - Unauthenticated Sensitive Information Exposure via Admin Folder

Title source: llm

Description

When access to the "admin" folder is not protected by an external authorization mechanism (e.g., Apache Basic Auth), any user can download protected information such as exam answers.

References (3)

Core References (3)
Third Party Advisory: https://cert.pl/en/posts/2024/01/CVE-2023-6554/
Third Party Advisory: https://cert.pl/posts/2024/01/CVE-2023-6554/
Product: https://tcexam.org/

Scores

CVSS v3 6.5
EPSS 0.0058
EPSS Percentile 43.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
tecnick/tcexam < 15.1.0
Published Jan 11, 2024
Tracked Since Feb 18, 2026