Vulnerabilities > CVE-2023-6554 - Missing Authorization vulnerability in Tecnick Tcexam

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
tecnick
CWE-862
NVD
Published: 2024-01-11
Updated: 2024-01-18

Summary

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

Vulnerable Configurations

Part Description Count
Application
Tecnick
178

Common Weakness Enumeration (CWE)

References