{"id":"CVE-2021-20114","details":"When installed following the default/recommended settings, TCExam \u003c= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.","modified":"2026-04-11T23:13:50.587312Z","published":"2021-07-30T14:15:14.370Z","references":[{"type":"EVIDENCE","url":"https://www.tenable.com/security/research/tra-2021-32"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tecnickcom/tcexam","events":[{"introduced":"0"},{"last_affected":"34e524aa8534e55fdc7b0e3c6866509228939ee1"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"14.8.1"}],"cpe":"cpe:2.3:a:tecnick:tcexam:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["12.0.013","12.0.014","12.1.000","12.1.001","12.1.002","12.1.003","12.1.004","12.1.005","12.1.006","12.1.007","12.1.008","12.1.009","12.1.010","12.1.011","12.1.012","12.1.013","12.1.014","12.1.015","12.1.016","12.1.017","12.1.018","12.1.019","12.1.020","12.1.021","12.1.022","12.1.023","12.1.024","12.1.025","12.1.026","12.1.027","12.1.28","12.1.29","12.1.30","12.2.0","12.2.1","12.2.2","12.2.3","12.2.4","12.2.5","13.0.1","13.0.2","13.1.1","13.2.0","13.2.1","13.3.0","14.0.0","14.0.1","14.0.2","14.0.3","14.1.0","14.1.2","14.1.3","14.1.4","14.2.1","14.2.2","14.2.3","14.3.0","14.3.1","14.3.2","14.4.0","14.4.1","14.5.0","14.5.1","14.5.2","14.6.0","14.7.0","14.8.0","14.8.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20114.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}