Update CVE-2021-20114.yaml
parent
47a892d375
commit
e1ab21616f
|
@ -4,17 +4,26 @@ info:
|
|||
name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
|
||||
author: n/a
|
||||
severity: high
|
||||
reference: https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
|
||||
description: |
|
||||
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
|
||||
tags: cve,cve2021,tcexam
|
||||
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
|
||||
reference:
|
||||
- https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20114
|
||||
tags: cve,cve2021,tcexam,disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cache/backup/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Index of /cache/backup"
|
||||
- "Parent Directory"
|
||||
- ".sql.gz"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue