Update CVE-2021-20114.yaml

patch-1
Prince Chaddha 2021-09-06 17:30:51 +05:30 committed by GitHub
parent 47a892d375
commit e1ab21616f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 5 deletions


@ -4,17 +4,26 @@ info:
name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
author: n/a author: n/a
severity: high severity: high
reference: https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
description: | reference:
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. - https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
tags: cve,cve2021,tcexam - https://nvd.nist.gov/vuln/detail/CVE-2021-20114
tags: cve,cve2021,tcexam,disclosure
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/cache/backup/" - "{{BaseURL}}/cache/backup/"
matchers-condition: and
matchers: matchers:
- type: word
words:
- "Index of /cache/backup"
- "Parent Directory"
- ".sql.gz"
condition: and
- type: status - type: status
status: status:
- 200 - 200
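Review bot: The new word matcher requires all three strings via `condition: and`, and `"Parent Directory"` is wording from Apache's directory index. A listing of /cache/backup/ served by a web server that renders the parent link differently (nginx autoindex prints `../`) would presumably not match, so an exposed backup directory would go unreported. Consider dropping that word and keeping `- "Index of /cache/backup"` and `- ".sql.gz"`, which still ties the match to a listing that contains a database dump. Adding `part: body` to the word matcher would also make explicit where the strings are searched.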