Description

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

Remediation

References

CVE-2023-6554

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2005-1245)

WordPress Plugin PixelYourSite-Facebook Pixel (Events, WooCommerce & Easy Digital Downloads) Cross-Site Scripting (5.2.1)

Grafana CVE-2021-27358 Vulnerability (CVE-2021-27358)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37067)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29210)

Severity

Medium

Classification

CVE-2023-6554 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities