Description

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

Remediation

References

CVE-2023-6554

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8756)

WordPress Plugin Visitors Online by BestWebSoft Cross-Site Scripting (0.9)

Atlassian Jira CVE-2019-20403 Vulnerability (CVE-2019-20403)

WordPress Plugin Very Simple Quiz Cross-Site Scripting (1.0.0)

WordPress Plugin Quick Page/Post Redirect Open Redirect (5.1.5)

Severity

Medium

Classification

CVE-2023-6554 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities