Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-4CQH-MQRW-7QQG

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-05T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd",
  "id": "GHSA-4cqh-mqrw-7qqg",
  "modified": "2022-05-24T17:46:30Z",
  "published": "2022-05-24T17:46:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24154"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4G73-W34J-P4W5

Vulnerability from github – Published: 2022-04-09 00:00 – Updated: 2022-04-15 00:00
VLAI
Details

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-08T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.",
  "id": "GHSA-4g73-w34j-p4w5",
  "modified": "2022-04-15T00:00:57Z",
  "published": "2022-04-09T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/D4rkP0w4r/CVEs/blob/main/Movie%20Seat%20Reservation%20System%20File%20Disclosure/POC.md"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166658/Movie-Seat-Reservation-System-1.0-File-Disclosure-SQL-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4HMR-39VP-XFRR

Vulnerability from github – Published: 2025-02-24 21:31 – Updated: 2025-02-24 22:02
VLAI
Summary
Moodle has an arbitrary file read risk through pdfTeX
Details

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.5.0-beta"
            },
            {
              "fixed": "4.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0-beta"
            },
            {
              "fixed": "4.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0-beta"
            },
            {
              "fixed": "4.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-26525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-24T22:02:26Z",
    "nvd_published_at": "2025-02-24T20:15:33Z",
    "severity": "HIGH"
  },
  "details": "Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as \nthose with TeX Live installed).",
  "id": "GHSA-4hmr-39vp-xfrr",
  "modified": "2025-02-24T22:02:27Z",
  "published": "2025-02-24T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26525"
    },
    {
      "type": "WEB",
      "url": "https://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84136"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle has an arbitrary file read risk through pdfTeX"
}

GHSA-4M78-WR94-P294

Vulnerability from github – Published: 2023-07-05 15:30 – Updated: 2024-04-04 05:23
VLAI
Details

A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2538"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-05T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-552 \"Files or Directories Accessible to External Parties\u201d in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.",
  "id": "GHSA-4m78-wr94-p294",
  "modified": "2024-04-04T05:23:28Z",
  "published": "2023-07-05T15:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2538"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MQ9-MP5G-R83Q

Vulnerability from github – Published: 2023-10-16 21:30 – Updated: 2024-04-04 08:41
VLAI
Details

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-16T20:15:14Z",
    "severity": "HIGH"
  },
  "details": "The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.",
  "id": "GHSA-4mq9-mp5g-r83q",
  "modified": "2024-04-04T08:41:15Z",
  "published": "2023-10-16T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3155"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/5c8473f4-4b52-430b-9140-b81b0a0901da"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PJM-2JF5-8H3G

Vulnerability from github – Published: 2025-03-23 15:30 – Updated: 2025-03-23 15:30
VLAI
Details

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-23T15:15:13Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.",
  "id": "GHSA-4pjm-2jf5-8h3g",
  "modified": "2025-03-23T15:30:33Z",
  "published": "2025-03-23T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2651"
    },
    {
      "type": "WEB",
      "url": "https://github.com/happytraveller-alone/cve/blob/main/Directory%20Traversal%20Vulnerability.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.300666"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.300666"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.519873"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4RVM-66VQ-V2F2

Vulnerability from github – Published: 2022-03-18 00:01 – Updated: 2022-03-24 00:00
VLAI
Details

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-17T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.",
  "id": "GHSA-4rvm-66vq-v2f2",
  "modified": "2022-03-24T00:00:31Z",
  "published": "2022-03-18T00:01:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24075"
    },
    {
      "type": "WEB",
      "url": "https://cve.naver.com/detail/cve-2022-24075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4W2R-846C-V6V2

Vulnerability from github – Published: 2022-12-27 18:30 – Updated: 2023-01-05 06:30
VLAI
Details

Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-27T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.",
  "id": "GHSA-4w2r-846c-v6v2",
  "modified": "2023-01-05T06:30:23Z",
  "published": "2022-12-27T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45426"
    },
    {
      "type": "WEB",
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WPV-93CP-FCHH

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-02T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.",
  "id": "GHSA-4wpv-93cp-fchh",
  "modified": "2022-05-24T19:12:55Z",
  "published": "2022-05-24T19:12:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34765"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4WW4-3FW2-49WH

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:27
VLAI
Details

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-01T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).",
  "id": "GHSA-4ww4-3fw2-49wh",
  "modified": "2024-04-04T01:27:39Z",
  "published": "2022-05-24T16:52:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10829"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/56+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.