Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TCExam Missing Authorization Vulnerability (CVE-2023-6554) - Vulnerability Database

TCExam Missing Authorization Vulnerability (CVE-2023-6554)

Description

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

References

CVE-2023-6554

Related Vulnerabilities

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32731) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7740) Medium
Common tags: Missing Update Known Vulnerabilities
phpMyAdmin CVE-2019-6799 Vulnerability (CVE-2019-6799) Medium
Common tags: Missing Update Known Vulnerabilities
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-6970) High
Common tags: Missing Update Known Vulnerabilities
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2023-6554
CWE-862
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update
Known Vulnerabilities