Description

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

Remediation

References

CVE-2023-6554

Related Vulnerabilities

Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.14)

WordPress Plugin Link Library Cross-Site Scripting (5.9.12.29)

MySQL CVE-2015-0511 Vulnerability (CVE-2015-0511)

WordPress Plugin Ads Pro-Multi-Purpose WordPress Advertising Manager Multiple Vulnerabilities (3.4)

WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (1.2.8)

Severity

Medium

Classification

CVE-2023-6554 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities