Description

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of

Remediation

References

CVE-2021-20113

Related Vulnerabilities

MySQL CVE-2013-1526 Vulnerability (CVE-2013-1526)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6043)

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3348)

WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)

Drupal Core Multiple Vulnerabilities (8.0.0 - 9.1.15)

Severity

Medium

Classification

CVE-2021-20113 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities