Report an incident
Report an incident

Vulnerability in TCExam software
11 January 2024 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2023-6554
Publication date 11 January 2024
Product TCExam
Vulnerable versions All below 15.1.0
Vulnerability type (CWE) Missing Authorization (CWE-862)
Report source Own research


During its own research, CERT Polska has found a vulnerability in TCExam software. When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

The vulnerability has been assigned the ID CVE-2023-6554 and was fixed in version 15.1.0 of the software.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at