CWE-548
AllowedExposure of Information Through Directory Listing
Abstraction: Variant · Status: Draft
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
101 vulnerabilities reference this CWE, most recent first.
GHSA-94FR-F773-P7WG
Vulnerability from github – Published: 2025-12-09 21:31 – Updated: 2025-12-19 21:30OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
{
"affected": [],
"aliases": [
"CVE-2021-47718"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T21:15:50Z",
"severity": "HIGH"
},
"details": "OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.",
"id": "GHSA-94fr-f773-p7wg",
"modified": "2025-12-19T21:30:15Z",
"published": "2025-12-09T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47718"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/50671"
},
{
"type": "WEB",
"url": "https://www.openbmcs.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openbmcs-directory-listing-information-disclosure"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-94QF-5XC2-5VRQ
Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2024-07-05 15:32Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.
{
"affected": [],
"aliases": [
"CVE-2024-3707"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T14:15:09Z",
"severity": "MODERATE"
},
"details": " Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.",
"id": "GHSA-94qf-5xc2-5vrq",
"modified": "2024-07-05T15:32:05Z",
"published": "2024-04-12T15:37:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3707"
},
{
"type": "WEB",
"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-99VG-WHP9-CXQ4
Vulnerability from github – Published: 2024-01-19 15:30 – Updated: 2024-01-25 21:32A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.
{
"affected": [],
"aliases": [
"CVE-2023-51948"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T14:15:12Z",
"severity": "HIGH"
},
"details": "A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.",
"id": "GHSA-99vg-whp9-cxq4",
"modified": "2024-01-25T21:32:13Z",
"published": "2024-01-19T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51948"
},
{
"type": "WEB",
"url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md"
},
{
"type": "WEB",
"url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9VP2-38F9-8838
Vulnerability from github – Published: 2025-07-03 12:34 – Updated: 2025-07-03 12:34The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules
pose a risk to the webserver which enable dircetory listing.
{
"affected": [],
"aliases": [
"CVE-2025-27452"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-03T12:15:23Z",
"severity": "MODERATE"
},
"details": "The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules \n\npose a risk to the webserver which enable dircetory listing.",
"id": "GHSA-9vp2-38f9-8838",
"modified": "2025-07-03T12:34:58Z",
"published": "2025-07-03T12:34:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27452"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.endress.com"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9X83-XQ9P-CXQ5
Vulnerability from github – Published: 2025-12-31 00:31 – Updated: 2025-12-31 00:31SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.
{
"affected": [],
"aliases": [
"CVE-2022-50788"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-30T23:15:45Z",
"severity": "MODERATE"
},
"details": "SOUND4 IMPACT/FIRST/PULSE/Eco \u003c=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.",
"id": "GHSA-9x83-xq9p-cxq5",
"modified": "2025-12-31T00:31:10Z",
"published": "2025-12-31T00:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50788"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247921"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/170259/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "https://www.sound4.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-information-disclosure-via-log-directory"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5732.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C2GJ-RQW8-V3HW
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
{
"affected": [],
"aliases": [
"CVE-2017-6045"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-21T19:29:00Z",
"severity": "HIGH"
},
"details": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.",
"id": "GHSA-c2gj-rqw8-v3hw",
"modified": "2022-05-13T01:36:33Z",
"published": "2022-05-13T01:36:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6045"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99066"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C5CJ-XP43-QCC3
Vulnerability from github – Published: 2025-10-23 12:31 – Updated: 2025-10-24 20:58An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-beta"
},
{
"fixed": "5.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0-beta"
},
{
"fixed": "4.5.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62396"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-24T20:58:32Z",
"nvd_published_at": "2025-10-23T12:15:31Z",
"severity": "MODERATE"
},
"details": "An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.",
"id": "GHSA-c5cj-xp43-qcc3",
"modified": "2025-10-24T20:58:32Z",
"published": "2025-10-23T12:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62396"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/5d4910509eeaac8403d18ec8f259e29d2f11527e"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/5e7d5abc483d0511ebfc2042075eabcc392ff4ce"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-62396"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404429"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=470385"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle\u0027s error handling leads to sensitive information disclosure"
}
GHSA-CFQX-F43M-VFH7
Vulnerability from github – Published: 2024-10-03 19:46 – Updated: 2024-10-03 19:46Summary
A user with admin permission can read arbitrary file and directory names on the filesystem by calling the admin/build-mobile-app/result?build_dir_name= endpoint. The build_dir_name parameter is not properly validated and it's then used to construct the buildDir that is read. The file/directory names under the buildDir will be returned.
Details
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L2884-L2893
router.get(
"/build-mobile-app/result",
isAdmin,
error_catcher(async (req, res) => {
const { build_dir_name } = req.query; // [1] source
const rootFolder = await File.rootFolder();
const buildDir = path.join(
rootFolder.location,
"mobile_app",
build_dir_name // [2]
);
const files = await Promise.all(
fs
.readdirSync(buildDir) // [3] sink
.map(async (outFile) => await File.from_file_on_disk(outFile, buildDir))
);
[...]
})
);
PoC
- log into the application as an admin user
- visit the following url:
http://localhost:3000/admin/build-mobile-app/result?build_dir_name=/../../../../../../../../
NOTE: it's possible to only see file and directory names but not to download their content.
Impact
Information disclosure
Recommended Mitigation
Resolve the buildDir and check if it starts with ${rootFolder.location}/mobile_app.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.0-beta.13"
},
"package": {
"ecosystem": "npm",
"name": "@saltcorn/server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-beta.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-03T19:46:42Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nA user with admin permission can read arbitrary file and directory names on the filesystem by calling the `admin/build-mobile-app/result?build_dir_name=` endpoint. The `build_dir_name` parameter is not properly validated and it\u0027s then used to construct the `buildDir` that is read. The file/directory names under the `buildDir` will be returned. \n\n### Details\n\n- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L2884-L2893\n\n```js\nrouter.get(\n \"/build-mobile-app/result\",\n isAdmin,\n error_catcher(async (req, res) =\u003e {\n const { build_dir_name } = req.query; // [1] source\n const rootFolder = await File.rootFolder();\n const buildDir = path.join(\n rootFolder.location,\n \"mobile_app\",\n build_dir_name // [2]\n );\n const files = await Promise.all(\n fs\n .readdirSync(buildDir) // [3] sink\n .map(async (outFile) =\u003e await File.from_file_on_disk(outFile, buildDir))\n );\n [...]\n })\n);\n```\n\n### PoC\n\n- log into the application as an admin user\n- visit the following url: `http://localhost:3000/admin/build-mobile-app/result?build_dir_name=/../../../../../../../../`\n\n\n**NOTE**: it\u0027s possible to only see file and directory names but not to download their content.\n\n### Impact\n\nInformation disclosure\n\n### Recommended Mitigation\n\nResolve the `buildDir` and check if it starts with `${rootFolder.location}/mobile_app`.",
"id": "GHSA-cfqx-f43m-vfh7",
"modified": "2024-10-03T19:46:43Z",
"published": "2024-10-03T19:46:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/saltcorn/saltcorn/security/advisories/GHSA-cfqx-f43m-vfh7"
},
{
"type": "WEB",
"url": "https://github.com/saltcorn/saltcorn/commit/81adaf78430a9b59804894574d67d2a0c7bb3dc5"
},
{
"type": "PACKAGE",
"url": "https://github.com/saltcorn/saltcorn"
},
{
"type": "WEB",
"url": "https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L2884-L2893"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "@saltcorn/server arbitrary file and directory listing when accessing build mobile app results"
}
GHSA-F28R-C98M-QR3R
Vulnerability from github – Published: 2023-01-15 21:30 – Updated: 2023-01-24 21:30A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The name of the patch is 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.
{
"affected": [],
"aliases": [
"CVE-2016-15019"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-15T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The name of the patch is 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.",
"id": "GHSA-f28r-c98m-qr3r",
"modified": "2023-01-24T21:30:37Z",
"published": "2023-01-15T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15019"
},
{
"type": "WEB",
"url": "https://github.com/tombh/jekbox/commit/64eb2677671018fc08b96718b81e3dbc83693190"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.218375"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.218375"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F8FJ-4VVJ-89GH
Vulnerability from github – Published: 2026-05-14 15:31 – Updated: 2026-05-14 15:31Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.
{
"affected": [],
"aliases": [
"CVE-2026-41933"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-14T15:16:45Z",
"severity": "MODERATE"
},
"details": "Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.",
"id": "GHSA-f8fj-4vvj-89gh",
"modified": "2026-05-14T15:31:59Z",
"published": "2026-05-14T15:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41933"
},
{
"type": "WEB",
"url": "https://github.com/givanz/Vvveb/commit/96ae04c5e4a295e281adc1d02d77444173653deb"
},
{
"type": "WEB",
"url": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.3"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vvveb-directory-listing-information-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
No CAPEC attack patterns related to this CWE.