CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-JCXH-7F92-Q9F6
Vulnerability from github – Published: 2025-03-11 12:30 – Updated: 2025-03-11 12:30A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.
{
"affected": [],
"aliases": [
"CVE-2025-25266"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T10:15:17Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0021), Tecnomatix Plant Simulation V2404 (All versions \u003c V2404.0010). The affected application does not properly restrict access to the file deletion functionality.\nThis could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.",
"id": "GHSA-jcxh-7f92-q9f6",
"modified": "2025-03-11T12:30:59Z",
"published": "2025-03-11T12:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25266"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-507653.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JFMF-9MMF-25WW
Vulnerability from github – Published: 2023-03-28 15:30 – Updated: 2025-02-19 21:31Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
{
"affected": [],
"aliases": [
"CVE-2023-25260"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-28T14:15:00Z",
"severity": "HIGH"
},
"details": "Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.",
"id": "GHSA-jfmf-9mmf-25ww",
"modified": "2025-02-19T21:31:28Z",
"published": "2023-03-28T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25260"
},
{
"type": "WEB",
"url": "https://cloud-trustit.spp.at/s/K9ZXWzEmftaxa3C"
},
{
"type": "WEB",
"url": "https://cves.at/posts/cve-2023-25260/writeup"
},
{
"type": "WEB",
"url": "http://stimulsoft.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JGH6-R92W-WGCF
Vulnerability from github – Published: 2025-01-30 18:32 – Updated: 2025-01-30 18:32Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-29080"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-30T18:15:28Z",
"severity": "HIGH"
},
"details": "Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2\u00a0due to adding\u00a0InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.",
"id": "GHSA-jgh6-r92w-wgcf",
"modified": "2025-01-30T18:32:09Z",
"published": "2025-01-30T18:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29080"
},
{
"type": "WEB",
"url": "https://community.revenera.com/s/article/cve-2023-29080-security-patch-for-the-possible-privileged-escalation-scenarios-identified-in-installshield-nbsp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JH9M-3M95-C6HP
Vulnerability from github – Published: 2025-06-01 15:30 – Updated: 2025-06-02 06:30YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
{
"affected": [],
"aliases": [
"CVE-2025-40908"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-01T14:15:21Z",
"severity": "CRITICAL"
},
"details": "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified",
"id": "GHSA-jh9m-3m95-c6hp",
"modified": "2025-06-02T06:30:32Z",
"published": "2025-06-01T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40908"
},
{
"type": "WEB",
"url": "https://github.com/ingydotnet/yaml-libyaml-pm/issues/120"
},
{
"type": "WEB",
"url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/121"
},
{
"type": "WEB",
"url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JJQ4-4RFQ-9948
Vulnerability from github – Published: 2022-05-20 00:00 – Updated: 2022-05-27 00:00Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
{
"affected": [],
"aliases": [
"CVE-2022-29446"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-19T16:15:00Z",
"severity": "HIGH"
},
"details": "Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company\u0027s Counter Box plugin \u003c= 1.1.1 at WordPress.",
"id": "GHSA-jjq4-4rfq-9948",
"modified": "2022-05-27T00:00:33Z",
"published": "2022-05-20T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29446"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/counter-box/wordpress-counter-box-plugin-1-1-1-authenticated-local-file-inclusion-lfi-vulnerability"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/counter-box/#developers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQ72-627Q-5JFJ
Vulnerability from github – Published: 2025-10-13 06:32 – Updated: 2025-10-21 15:30HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.
{
"affected": [],
"aliases": [
"CVE-2025-31996"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-13T04:15:56Z",
"severity": "MODERATE"
},
"details": "HCL Unica Platform is affected by unprotected files due to improper access controls. \u00a0These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.",
"id": "GHSA-jq72-627q-5jfj",
"modified": "2025-10-21T15:30:55Z",
"published": "2025-10-13T06:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31996"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124418"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JQVR-GMGR-WG44
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.
{
"affected": [],
"aliases": [
"CVE-2020-7241"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.",
"id": "GHSA-jqvr-gmgr-wg44",
"modified": "2022-05-24T17:06:56Z",
"published": "2022-05-24T17:06:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7241"
},
{
"type": "WEB",
"url": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/wp-database-backup/#developers"
},
{
"type": "WEB",
"url": "https://zeroauth.ltd/blog/2020/01/21/analysis-on-cve-2020-7241-misrepresenting-a-security-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JRH7-FGHQ-G8XM
Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2022-02-12 00:01The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
{
"affected": [],
"aliases": [
"CVE-2021-25004"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-07T16:15:00Z",
"severity": "MODERATE"
},
"details": "The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.",
"id": "GHSA-jrh7-fghq-g8xm",
"modified": "2022-02-12T00:01:07Z",
"published": "2022-02-08T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25004"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/cfbc2b43-b8f8-4bcb-a3d3-39d217afa530"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JRP8-VQ3H-W34W
Vulnerability from github – Published: 2025-02-07 18:31 – Updated: 2025-02-10 18:30Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
{
"affected": [],
"aliases": [
"CVE-2024-55213"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-07T16:15:37Z",
"severity": "HIGH"
},
"details": "Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.",
"id": "GHSA-jrp8-vq3h-w34w",
"modified": "2025-02-10T18:30:46Z",
"published": "2025-02-07T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55213"
},
{
"type": "WEB",
"url": "https://dhtmlx.com/docs/products/demoApps/dhtmlxFileExplorerDemo"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/189020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JXM6-82V5-5M3H
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2023-11-15 21:35Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
{
"affected": [],
"aliases": [
"CVE-2021-31831"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-03T10:15:00Z",
"severity": "HIGH"
},
"details": "Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.",
"id": "GHSA-jxm6-82v5-5m3h",
"modified": "2023-11-15T21:35:01Z",
"published": "2022-05-24T19:03:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31831"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10359"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.