
Vulnerability in TCExam software
11 January 2024 | CERT Polska | #vulnerability, #warning, #cve
CVE ID: CVE-2023-6554
Publication date: 11 January 2024
Vendor: Tecnick.com
Product: TCExam
Vulnerable versions: All below 15.1.0
Vulnerability type (CWE): Missing Authorization (CWE-862)
Report source: Own research

Description

During its own research, CERT Polska found a vulnerability in TCExam software. When access to the "admin" folder is not protected by an external authorization mechanism, e.g. Apache Basic Auth, any user can download protected information such as exam answers.

The vulnerability has been assigned the ID CVE-2023-6554 and was fixed in version 15.1.0 of the software.
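
A triage check for the condition described above, as an added example that is not part of the advisory or of TCExam: it flags a deployment as exposed when its version is below 15.1.0 and an unauthenticated request to the admin folder is not met with an HTTP authentication challenge. The /admin/ URL path, the verdict labels and the sample inventory are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request

FIXED_VERSION = (15, 1, 0)  # advisory: all versions below 15.1.0 are affected


def parse_version(text):
    """'14.8' -> (14, 8, 0); raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def has_external_auth(status, headers):
    """True only for a web-server HTTP auth challenge (401 + WWW-Authenticate).
    Other external controls (e.g. IP allowlists) are not recognised here."""
    return status == 401 and "www-authenticate" in {k.lower() for k in headers}


def assess(version, status, headers):
    """Classify a deployment from its version and an unauthenticated admin response."""
    if parse_version(version) >= FIXED_VERSION:
        return "patched"
    return "unpatched-gated" if has_external_auth(status, headers) else "exposed"


def probe_admin(base_url, timeout=5):
    """Unauthenticated GET of <base_url>/admin/ -> (status, headers).
    Assumption: the admin folder is served at /admin/ under the base URL."""
    req = urllib.request.Request(base_url.rstrip("/") + "/admin/")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


# Constructed inventory (hypothetical hosts and versions), shaped like probe_admin() output.
SAMPLE = [
    ("exam-a", "14.8.4", 200, {"Content-Type": "text/html"}),
    ("exam-b", "14.8.4", 401, {"WWW-Authenticate": 'Basic realm="admin"'}),
    ("exam-c", "15.1.0", 200, {"Content-Type": "text/html"}),
]


def triage(inventory):
    """Map each deployment name to its verdict."""
    return {name: assess(ver, st, hdrs) for name, ver, st, hdrs in inventory}
```

An "unpatched-gated" deployment still runs a vulnerable version and relies entirely on the web server's authentication, so it should still be upgraded to 15.1.0 or later.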


More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.