Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-JCXH-7F92-Q9F6

Vulnerability from github – Published: 2025-03-11 12:30 – Updated: 2025-03-11 12:30
VLAI
Details

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T10:15:17Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0021), Tecnomatix Plant Simulation V2404 (All versions \u003c V2404.0010). The affected application does not properly restrict access to the file deletion functionality.\nThis could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.",
  "id": "GHSA-jcxh-7f92-q9f6",
  "modified": "2025-03-11T12:30:59Z",
  "published": "2025-03-11T12:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25266"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-507653.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JFMF-9MMF-25WW

Vulnerability from github – Published: 2023-03-28 15:30 – Updated: 2025-02-19 21:31
VLAI
Details

Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-28T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.",
  "id": "GHSA-jfmf-9mmf-25ww",
  "modified": "2025-02-19T21:31:28Z",
  "published": "2023-03-28T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25260"
    },
    {
      "type": "WEB",
      "url": "https://cloud-trustit.spp.at/s/K9ZXWzEmftaxa3C"
    },
    {
      "type": "WEB",
      "url": "https://cves.at/posts/cve-2023-25260/writeup"
    },
    {
      "type": "WEB",
      "url": "http://stimulsoft.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JGH6-R92W-WGCF

Vulnerability from github – Published: 2025-01-30 18:32 – Updated: 2025-01-30 18:32
VLAI
Details

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-30T18:15:28Z",
    "severity": "HIGH"
  },
  "details": "Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2\u00a0due to adding\u00a0InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.",
  "id": "GHSA-jgh6-r92w-wgcf",
  "modified": "2025-01-30T18:32:09Z",
  "published": "2025-01-30T18:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29080"
    },
    {
      "type": "WEB",
      "url": "https://community.revenera.com/s/article/cve-2023-29080-security-patch-for-the-possible-privileged-escalation-scenarios-identified-in-installshield-nbsp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JH9M-3M95-C6HP

Vulnerability from github – Published: 2025-06-01 15:30 – Updated: 2025-06-02 06:30
VLAI
Details

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-01T14:15:21Z",
    "severity": "CRITICAL"
  },
  "details": "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified",
  "id": "GHSA-jh9m-3m95-c6hp",
  "modified": "2025-06-02T06:30:32Z",
  "published": "2025-06-01T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40908"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ingydotnet/yaml-libyaml-pm/issues/120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JJQ4-4RFQ-9948

Vulnerability from github – Published: 2022-05-20 00:00 – Updated: 2022-05-27 00:00
VLAI
Details

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-19T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company\u0027s Counter Box plugin \u003c= 1.1.1 at WordPress.",
  "id": "GHSA-jjq4-4rfq-9948",
  "modified": "2022-05-27T00:00:33Z",
  "published": "2022-05-20T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29446"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/counter-box/wordpress-counter-box-plugin-1-1-1-authenticated-local-file-inclusion-lfi-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/counter-box/#developers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQ72-627Q-5JFJ

Vulnerability from github – Published: 2025-10-13 06:32 – Updated: 2025-10-21 15:30
VLAI
Details

HCL Unica Platform is affected by unprotected files due to improper access controls.  These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-13T04:15:56Z",
    "severity": "MODERATE"
  },
  "details": "HCL Unica Platform is affected by unprotected files due to improper access controls.  \u00a0These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.",
  "id": "GHSA-jq72-627q-5jfj",
  "modified": "2025-10-21T15:30:55Z",
  "published": "2025-10-13T06:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31996"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124418"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQVR-GMGR-WG44

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06
VLAI
Details

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.",
  "id": "GHSA-jqvr-gmgr-wg44",
  "modified": "2022-05-24T17:06:56Z",
  "published": "2022-05-24T17:06:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7241"
    },
    {
      "type": "WEB",
      "url": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/wp-database-backup/#developers"
    },
    {
      "type": "WEB",
      "url": "https://zeroauth.ltd/blog/2020/01/21/analysis-on-cve-2020-7241-misrepresenting-a-security-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRH7-FGHQ-G8XM

Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2022-02-12 00:01
VLAI
Details

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-07T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.",
  "id": "GHSA-jrh7-fghq-g8xm",
  "modified": "2022-02-12T00:01:07Z",
  "published": "2022-02-08T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25004"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/cfbc2b43-b8f8-4bcb-a3d3-39d217afa530"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JRP8-VQ3H-W34W

Vulnerability from github – Published: 2025-02-07 18:31 – Updated: 2025-02-10 18:30
VLAI
Details

Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-55213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-07T16:15:37Z",
    "severity": "HIGH"
  },
  "details": "Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.",
  "id": "GHSA-jrp8-vq3h-w34w",
  "modified": "2025-02-10T18:30:46Z",
  "published": "2025-02-07T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55213"
    },
    {
      "type": "WEB",
      "url": "https://dhtmlx.com/docs/products/demoApps/dhtmlxFileExplorerDemo"
    },
    {
      "type": "WEB",
      "url": "https://packetstorm.news/files/id/189020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXM6-82V5-5M3H

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2023-11-15 21:35
VLAI
Details

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-03T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.",
  "id": "GHSA-jxm6-82v5-5m3h",
  "modified": "2023-11-15T21:35:01Z",
  "published": "2022-05-24T19:03:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31831"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10359"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.