CVE-2023-6554

Published: Jan 11, 2024Modified: Jun 20, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

Affected (1)

Products: Tecnick: Tcexam

Tecnick

1 product

Tcexam

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tecnick Tcexam	Before 15.1.0

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://cert.pl/en/posts/2024/01/CVE-2023-6554/

Source: cvd@cert.pl

Third Party Advisory

https://cert.pl/posts/2024/01/CVE-2023-6554/

Source: cvd@cert.pl

Third Party Advisory

https://tcexam.org/

Source: cvd@cert.pl

Product

https://cert.pl/en/posts/2024/01/CVE-2023-6554/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://cert.pl/posts/2024/01/CVE-2023-6554/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://tcexam.org/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.