CWE-548
AllowedExposure of Information Through Directory Listing
Abstraction: Variant · Status: Draft
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
101 vulnerabilities reference this CWE, most recent first.
GHSA-FRQW-J5X4-8Q93
Vulnerability from github – Published: 2026-01-06 18:31 – Updated: 2026-01-06 18:31RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.
{
"affected": [],
"aliases": [
"CVE-2020-36921"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T16:15:48Z",
"severity": "MODERATE"
},
"details": "RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.",
"id": "GHSA-frqw-j5x4-8q93",
"modified": "2026-01-06T18:31:34Z",
"published": "2026-01-06T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36921"
},
{
"type": "WEB",
"url": "https://cxsecurity.com/issue/WLB-2020110130"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191803"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/160073"
},
{
"type": "WEB",
"url": "https://www.red-v.tv"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/red-v-super-digital-signage-system-log-information-disclosure-vulnerability"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G7QH-M9G7-242J
Vulnerability from github – Published: 2024-09-12 06:30 – Updated: 2024-09-12 06:30A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-8711"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T04:15:07Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-g7qh-m9g7-242j",
"modified": "2024-09-12T06:30:21Z",
"published": "2024-09-12T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8711"
},
{
"type": "WEB",
"url": "https://github.com/jz-qb/cve/blob/main/dir.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.277220"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.277220"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.405343"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GJCG-7H9Q-Q3RG
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.
{
"affected": [],
"aliases": [
"CVE-2024-56464"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:17:28Z",
"severity": "LOW"
},
"details": "IBM QRadar SIEM\u00a07.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.",
"id": "GHSA-gjcg-7h9q-q3rg",
"modified": "2025-12-09T18:30:34Z",
"published": "2025-12-09T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56464"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7253664"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H5FW-99JV-5C89
Vulnerability from github – Published: 2024-03-20 15:32 – Updated: 2024-08-05 21:31An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.
{
"affected": [],
"aliases": [
"CVE-2024-22082"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-20T05:15:45Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.",
"id": "GHSA-h5fw-99jv-5c89",
"modified": "2024-08-05T21:31:18Z",
"published": "2024-03-20T15:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22082"
},
{
"type": "WEB",
"url": "https://www.elspec-ltd.com/support/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HHGH-4VPC-8C58
Vulnerability from github – Published: 2025-03-06 21:31 – Updated: 2025-03-06 21:31A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-2038"
],
"database_specific": {
"cwe_ids": [
"CWE-548",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T20:15:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-hhgh-4vpc-8c58",
"modified": "2025-03-06T21:31:27Z",
"published": "2025-03-06T21:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2038"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://github.com/intercpt/XSS1/blob/main/Directorylisting.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.298781"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.298781"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.512558"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HJR7-XMG8-7XVP
Vulnerability from github – Published: 2024-08-15 03:30 – Updated: 2024-08-15 03:30A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-7809"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-15T02:15:03Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-hjr7-xmg8-7xvp",
"modified": "2024-08-15T03:30:28Z",
"published": "2024-08-15T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7809"
},
{
"type": "WEB",
"url": "https://github.com/Wsstiger/cve/blob/main/Tracer_mu.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.274705"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.274705"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.390781"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HRWX-69C9-H8QQ
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.
{
"affected": [],
"aliases": [
"CVE-2025-2827"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T15:15:27Z",
"severity": "MODERATE"
},
"details": "IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\n\n\n\n\ncould disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.",
"id": "GHSA-hrwx-69c9-h8qq",
"modified": "2025-07-08T15:32:03Z",
"published": "2025-07-08T15:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2827"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7239094"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JGWP-H4GX-XM93
Vulnerability from github – Published: 2022-11-02 19:00 – Updated: 2022-11-04 19:01A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.
{
"affected": [],
"aliases": [
"CVE-2021-45446"
],
"database_specific": {
"cwe_ids": [
"CWE-281",
"CWE-548",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-02T15:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.",
"id": "GHSA-jgwp-h4gx-xm93",
"modified": "2022-11-04T19:01:17Z",
"published": "2022-11-02T19:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45446"
},
{
"type": "WEB",
"url": "https://support.pentaho.com/hc/en-us/articles/6744813983501"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHJ5-WGM2-6MQF
Vulnerability from github – Published: 2025-01-27 03:30 – Updated: 2025-01-27 03:30IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.
{
"affected": [],
"aliases": [
"CVE-2024-28766"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T02:15:28Z",
"severity": "LOW"
},
"details": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.",
"id": "GHSA-jhj5-wgm2-6mqf",
"modified": "2025-01-27T03:30:26Z",
"published": "2025-01-27T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28766"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7161444"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M2M5-CXXQ-M4HM
Vulnerability from github – Published: 2025-05-15 21:31 – Updated: 2025-05-15 21:31IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
{
"affected": [],
"aliases": [
"CVE-2025-1138"
],
"database_specific": {
"cwe_ids": [
"CWE-548"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-15T21:15:49Z",
"severity": "MODERATE"
},
"details": "IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.",
"id": "GHSA-m2m5-cxxq-m4hm",
"modified": "2025-05-15T21:31:35Z",
"published": "2025-05-15T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1138"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7230295"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
No CAPEC attack patterns related to this CWE.