Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-67X9-8JXX-85F8

Vulnerability from github – Published: 2025-05-30 09:30 – Updated: 2025-05-30 09:30
VLAI
Details

The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4634"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-30T09:15:25Z",
    "severity": "MODERATE"
  },
  "details": "The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem",
  "id": "GHSA-67x9-8jxx-85f8",
  "modified": "2025-05-30T09:30:27Z",
  "published": "2025-05-30T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4634"
    },
    {
      "type": "WEB",
      "url": "https://jct-aq.com/products/airpointer2d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6974-V8M9-MMJ5

Vulnerability from github – Published: 2022-12-19 15:30 – Updated: 2022-12-23 18:30
VLAI
Details

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4106"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-19T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.",
  "id": "GHSA-6974-v8m9-mmj5",
  "modified": "2022-12-23T18:30:40Z",
  "published": "2022-12-19T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4106"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69H4-9VCF-3H5Q

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-26 00:01
VLAI
Details

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-03T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.",
  "id": "GHSA-69h4-9vcf-3h5q",
  "modified": "2022-05-26T00:01:12Z",
  "published": "2022-05-24T17:07:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3927"
    },
    {
      "type": "WEB",
      "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
    },
    {
      "type": "WEB",
      "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6C75-M6FQ-9MH7

Vulnerability from github – Published: 2023-01-03 00:30 – Updated: 2023-01-09 18:30
VLAI
Details

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-02T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server",
  "id": "GHSA-6c75-m6fq-9mh7",
  "modified": "2023-01-09T18:30:17Z",
  "published": "2023-01-03T00:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4140"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HFV-JW53-QRC2

Vulnerability from github – Published: 2023-02-27 18:32 – Updated: 2023-03-04 06:30
VLAI
Details

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.",
  "id": "GHSA-6hfv-jw53-qrc2",
  "modified": "2023-03-04T06:30:22Z",
  "published": "2023-02-27T18:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0331"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/1b4dbaf3-1364-4103-9a7b-b5a1355c685b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HW8-GQ2C-479X

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-09T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.",
  "id": "GHSA-6hw8-gq2c-479x",
  "modified": "2022-05-24T19:10:24Z",
  "published": "2022-05-24T19:10:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36276"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6J5R-8VHM-P3X4

Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2022-10-21 19:01
VLAI
Details

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-17T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin\u0027s settings",
  "id": "GHSA-6j5r-8vhm-p3x4",
  "modified": "2022-10-21T19:01:14Z",
  "published": "2022-10-17T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2834"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6P3H-R2C5-CH3V

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-06-04 00:00
VLAI
Details

The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The local file inclusion vulnerability present in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to impact availability of SiteManager instances.",
  "id": "GHSA-6p3h-r2c5-ch3v",
  "modified": "2022-06-04T00:00:33Z",
  "published": "2022-05-24T17:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11642"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
    },
    {
      "type": "WEB",
      "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6P6H-9JG2-W75J

Vulnerability from github – Published: 2025-07-17 18:31 – Updated: 2025-07-24 21:30
VLAI
Details

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T16:15:34Z",
    "severity": "HIGH"
  },
  "details": "OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.",
  "id": "GHSA-6p6h-9jg2-w75j",
  "modified": "2025-07-24T21:30:37Z",
  "published": "2025-07-17T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41566"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/night-0p/668fc88385d4f60feb90b7fcef8443b1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/night-0p/anh/blob/main/Landray%20OA/FileDownload.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q4V-9F44-VXXX

Vulnerability from github – Published: 2024-11-27 03:31 – Updated: 2025-03-05 15:30
VLAI
Details

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-27T01:15:05Z",
    "severity": "CRITICAL"
  },
  "details": "A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.",
  "id": "GHSA-6q4v-9f44-vxxx",
  "modified": "2025-03-05T15:30:50Z",
  "published": "2024-11-27T03:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53676"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pwnfuzz/POCs/tree/main/CVE-2024-53676"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04731en_us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.