Common Weakness Enumeration

CWE-538

Allowed

Insertion of Sensitive Information into Externally-Accessible File or Directory

Abstraction: Base · Status: Draft

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

155 vulnerabilities reference this CWE, most recent first.

GHSA-RH59-VGH2-8M84

Vulnerability from github – Published: 2025-01-07 18:30 – Updated: 2026-04-01 18:33
VLAI
Details

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-07T17:15:32Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.",
  "id": "GHSA-rh59-vgh2-8m84",
  "modified": "2026-04-01T18:33:05Z",
  "published": "2025-01-07T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22306"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-7-7-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RM97-X556-Q36H

Vulnerability from github – Published: 2024-02-24 06:30 – Updated: 2024-08-28 21:58
VLAI
Summary
sanitize-html Information Exposure vulnerability
Details

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sanitize-html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-01T16:55:53Z",
    "nvd_published_at": "2024-02-24T05:15:44Z",
    "severity": "MODERATE"
  },
  "details": "Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.",
  "id": "GHSA-rm97-x556-q36h",
  "modified": "2024-08-28T21:58:16Z",
  "published": "2024-02-24T06:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21501"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/sanitize-html/pull/650"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/apostrophe/discussions/4436"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apostrophecms/sanitize-html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "sanitize-html Information Exposure vulnerability"
}

GHSA-VJQC-8HQX-GPV2

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:28
VLAI
Details

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-01T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).",
  "id": "GHSA-vjqc-8hqx-gpv2",
  "modified": "2024-04-04T01:28:37Z",
  "published": "2022-05-24T16:52:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20932"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/70+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX85-MJ8C-4QM6

Vulnerability from github – Published: 2019-01-17 13:56 – Updated: 2023-09-11 18:30
VLAI
Summary
Apache Thrift Node.js static web server sandbox escape
Details

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.thrift:libthrift"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.2"
            },
            {
              "fixed": "0.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:58:46Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.",
  "id": "GHSA-vx85-mj8c-4qm6",
  "modified": "2023-09-11T18:30:27Z",
  "published": "2019-01-17T13:56:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11798"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/thrift/pull/1606"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1545"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3140"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-vx85-mj8c-4qm6"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/THRIFT-4647"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227094236/http://www.securityfocus.com/bid/106501"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Thrift Node.js static web server sandbox escape"
}

GHSA-VXF2-8CQ4-X49Q

Vulnerability from github – Published: 2026-04-12 15:30 – Updated: 2026-04-12 15:30
VLAI
Details

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-12T13:16:33Z",
    "severity": "HIGH"
  },
  "details": "Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.",
  "id": "GHSA-vxf2-8cq4-x49q",
  "modified": "2026-04-12T15:30:26Z",
  "published": "2026-04-12T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25706"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46132"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosure"
    },
    {
      "type": "WEB",
      "url": "http://www.ac.i8i.ir"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W2X4-H6C7-M6MH

Vulnerability from github – Published: 2025-10-27 21:30 – Updated: 2025-10-27 21:30
VLAI
Details

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-27T19:16:03Z",
    "severity": "MODERATE"
  },
  "details": "Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.",
  "id": "GHSA-w2x4-h6c7-m6mh",
  "modified": "2025-10-27T21:30:27Z",
  "published": "2025-10-27T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46602"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000382443/dsa-2025-403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5HH-GH28-CPPG

Vulnerability from github – Published: 2025-01-10 18:31 – Updated: 2025-01-10 18:31
VLAI
Details

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.  Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.  

This issue affects MegaBIP software versions below 5.15

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-10T18:15:26Z",
    "severity": "MODERATE"
  },
  "details": "During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.\u00a0\nPublicly available source code of \"/registered.php\" discloses that path, allowing an attacker to attempt further attacks.\u00a0\u00a0\n\nThis issue affects MegaBIP software versions below 5.15",
  "id": "GHSA-w5hh-gh28-cppg",
  "modified": "2025-01-10T18:31:41Z",
  "published": "2025-01-10T18:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6880"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2024/09/CVE-2024-6680"
    },
    {
      "type": "WEB",
      "url": "https://megabip.pl"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W9J7-W28P-W5PQ

Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57
VLAI
Details

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-12T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.",
  "id": "GHSA-w9j7-w28p-w5pq",
  "modified": "2022-05-14T01:57:32Z",
  "published": "2022-05-14T01:57:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16970"
    },
    {
      "type": "WEB",
      "url": "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9R4-6F5Q-P5H9

Vulnerability from github – Published: 2024-01-02 21:30 – Updated: 2024-01-02 21:30
VLAI
Details

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.",
  "id": "GHSA-w9r4-6f5q-p5h9",
  "modified": "2024-01-02T21:30:26Z",
  "published": "2024-01-02T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0191"
    },
    {
      "type": "WEB",
      "url": "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.249504"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.249504"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF7G-3PCC-4W4X

Vulnerability from github – Published: 2022-05-17 04:47 – Updated: 2025-09-19 21:31
VLAI
Details

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-12T04:37:00Z",
    "severity": "MODERATE"
  },
  "details": "The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.",
  "id": "GHSA-wf7g-3pcc-4w4x",
  "modified": "2025-09-19T21:31:14Z",
  "published": "2022-05-17T04:47:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0772"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
    },
    {
      "type": "WEB",
      "url": "http://webaccess.advantech.com"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/66740"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design Operation System Configuration

Do not expose file and directory information to the user.

CAPEC-95: WSDL Scanning

This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.