CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-4CQH-MQRW-7QQG
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd
{
"affected": [],
"aliases": [
"CVE-2021-24154"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-05T19:15:00Z",
"severity": "MODERATE"
},
"details": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd",
"id": "GHSA-4cqh-mqrw-7qqg",
"modified": "2022-05-24T17:46:30Z",
"published": "2022-05-24T17:46:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24154"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4G73-W34J-P4W5
Vulnerability from github – Published: 2022-04-09 00:00 – Updated: 2022-04-15 00:00Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.
{
"affected": [],
"aliases": [
"CVE-2022-28002"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-08T09:15:00Z",
"severity": "HIGH"
},
"details": "Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.",
"id": "GHSA-4g73-w34j-p4w5",
"modified": "2022-04-15T00:00:57Z",
"published": "2022-04-09T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28002"
},
{
"type": "WEB",
"url": "https://github.com/D4rkP0w4r/CVEs/blob/main/Movie%20Seat%20Reservation%20System%20File%20Disclosure/POC.md"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/166658/Movie-Seat-Reservation-System-1.0-File-Disclosure-SQL-Injection.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4HMR-39VP-XFRR
Vulnerability from github – Published: 2025-02-24 21:31 – Updated: 2025-02-24 22:02Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0-beta"
},
{
"fixed": "4.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0-beta"
},
{
"fixed": "4.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0-beta"
},
{
"fixed": "4.3.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-26525"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-24T22:02:26Z",
"nvd_published_at": "2025-02-24T20:15:33Z",
"severity": "HIGH"
},
"details": "Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as \nthose with TeX Live installed).",
"id": "GHSA-4hmr-39vp-xfrr",
"modified": "2025-02-24T22:02:27Z",
"published": "2025-02-24T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26525"
},
{
"type": "WEB",
"url": "https://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84136"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=466141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle has an arbitrary file read risk through pdfTeX"
}
GHSA-4M78-WR94-P294
Vulnerability from github – Published: 2023-07-05 15:30 – Updated: 2024-04-04 05:23A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.
{
"affected": [],
"aliases": [
"CVE-2023-2538"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T13:15:09Z",
"severity": "MODERATE"
},
"details": "A CWE-552 \"Files or Directories Accessible to External Parties\u201d in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.",
"id": "GHSA-4m78-wr94-p294",
"modified": "2024-04-04T05:23:28Z",
"published": "2023-07-05T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2538"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4MQ9-MP5G-R83Q
Vulnerability from github – Published: 2023-10-16 21:30 – Updated: 2024-04-04 08:41The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server.
{
"affected": [],
"aliases": [
"CVE-2023-3155"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-16T20:15:14Z",
"severity": "HIGH"
},
"details": "The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.",
"id": "GHSA-4mq9-mp5g-r83q",
"modified": "2024-04-04T08:41:15Z",
"published": "2023-10-16T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3155"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/5c8473f4-4b52-430b-9140-b81b0a0901da"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PJM-2JF5-8H3G
Vulnerability from github – Published: 2025-03-23 15:30 – Updated: 2025-03-23 15:30A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.
{
"affected": [],
"aliases": [
"CVE-2025-2651"
],
"database_specific": {
"cwe_ids": [
"CWE-548",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-23T15:15:13Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.",
"id": "GHSA-4pjm-2jf5-8h3g",
"modified": "2025-03-23T15:30:33Z",
"published": "2025-03-23T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2651"
},
{
"type": "WEB",
"url": "https://github.com/happytraveller-alone/cve/blob/main/Directory%20Traversal%20Vulnerability.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.300666"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.300666"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.519873"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4RVM-66VQ-V2F2
Vulnerability from github – Published: 2022-03-18 00:01 – Updated: 2022-03-24 00:00Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
{
"affected": [],
"aliases": [
"CVE-2022-24075"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-17T06:15:00Z",
"severity": "MODERATE"
},
"details": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.",
"id": "GHSA-4rvm-66vq-v2f2",
"modified": "2022-03-24T00:00:31Z",
"published": "2022-03-18T00:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24075"
},
{
"type": "WEB",
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4W2R-846C-V6V2
Vulnerability from github – Published: 2022-12-27 18:30 – Updated: 2023-01-05 06:30Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.
{
"affected": [],
"aliases": [
"CVE-2022-45426"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-27T18:15:00Z",
"severity": "MODERATE"
},
"details": "Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.",
"id": "GHSA-4w2r-846c-v6v2",
"modified": "2023-01-05T06:30:23Z",
"published": "2022-12-27T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45426"
},
{
"type": "WEB",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4WPV-93CP-FCHH
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2021-34765"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-02T03:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.",
"id": "GHSA-4wpv-93cp-fchh",
"modified": "2022-05-24T19:12:55Z",
"published": "2022-05-24T19:12:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34765"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4WW4-3FW2-49WH
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:27cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
{
"affected": [],
"aliases": [
"CVE-2016-10829"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-01T17:15:00Z",
"severity": "MODERATE"
},
"details": "cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).",
"id": "GHSA-4ww4-3fw2-49wh",
"modified": "2024-04-04T01:27:39Z",
"published": "2022-05-24T16:52:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10829"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/56+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.