Description
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
Remediation
References
Related Vulnerabilities
WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4)
WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.7.4)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)
ReviveAdserver Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-22948)