CVE-2021-20114

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20114

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20114.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20114

Published

2021-07-30T14:15:14.370Z

Modified

2026-04-10T04:29:14.431078Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.

References

https://www.tenable.com/security/research/tra-2021-32

Affected packages

Git / github.com/tecnickcom/tcexam

Affected ranges

Type

GIT

Repo

https://github.com/tecnickcom/tcexam

Events

Introduced

Last affected

34e524aa8534e55fdc7b0e3c6866509228939ee1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.8.1"
        }
    ]
}

Affected versions

12.*

12.0.013

12.0.014

12.1.000

12.1.001

12.1.002

12.1.003

12.1.004

12.1.005

12.1.006

12.1.007

12.1.008

12.1.009

12.1.010

12.1.011

12.1.012

12.1.013

12.1.014

12.1.015

12.1.016

12.1.017

12.1.018

12.1.019

12.1.020

12.1.021

12.1.022

12.1.023

12.1.024

12.1.025

12.1.026

12.1.027

12.1.28

12.1.29

12.1.30

12.2.0

12.2.1

12.2.2

12.2.3

12.2.4

12.2.5

13.*

13.0.1

13.0.2

13.1.1

13.2.0

13.2.1

13.3.0

14.*

14.0.0

14.0.1

14.0.2

14.0.3

14.1.0

14.1.2

14.1.3

14.1.4

14.2.1

14.2.2

14.2.3

14.3.0

14.3.1

14.3.2

14.4.0

14.4.1

14.5.0

14.5.1

14.5.2

14.6.0

14.7.0

14.8.0

14.8.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20114.json"