Common Weakness Enumeration

CWE-548

Allowed

Exposure of Information Through Directory Listing

Abstraction: Variant · Status: Draft

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

101 vulnerabilities reference this CWE, most recent first.

GHSA-FRQW-J5X4-8Q93

Vulnerability from github – Published: 2026-01-06 18:31 – Updated: 2026-01-06 18:31
VLAI
Details

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-06T16:15:48Z",
    "severity": "MODERATE"
  },
  "details": "RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.",
  "id": "GHSA-frqw-j5x4-8q93",
  "modified": "2026-01-06T18:31:34Z",
  "published": "2026-01-06T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36921"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2020110130"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191803"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/160073"
    },
    {
      "type": "WEB",
      "url": "https://www.red-v.tv"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/red-v-super-digital-signage-system-log-information-disclosure-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G7QH-M9G7-242J

Vulnerability from github – Published: 2024-09-12 06:30 – Updated: 2024-09-12 06:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8711"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-12T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-g7qh-m9g7-242j",
  "modified": "2024-09-12T06:30:21Z",
  "published": "2024-09-12T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8711"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jz-qb/cve/blob/main/dir.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.277220"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.277220"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.405343"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GJCG-7H9Q-Q3RG

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30
VLAI
Details

IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:17:28Z",
    "severity": "LOW"
  },
  "details": "IBM QRadar SIEM\u00a07.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.",
  "id": "GHSA-gjcg-7h9q-q3rg",
  "modified": "2025-12-09T18:30:34Z",
  "published": "2025-12-09T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56464"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7253664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5FW-99JV-5C89

Vulnerability from github – Published: 2024-03-20 15:32 – Updated: 2024-08-05 21:31
VLAI
Details

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-20T05:15:45Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.",
  "id": "GHSA-h5fw-99jv-5c89",
  "modified": "2024-08-05T21:31:18Z",
  "published": "2024-03-20T15:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22082"
    },
    {
      "type": "WEB",
      "url": "https://www.elspec-ltd.com/support/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHGH-4VPC-8C58

Vulnerability from github – Published: 2025-03-06 21:31 – Updated: 2025-03-06 21:31
VLAI
Details

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T20:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-hhgh-4vpc-8c58",
  "modified": "2025-03-06T21:31:27Z",
  "published": "2025-03-06T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2038"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://github.com/intercpt/XSS1/blob/main/Directorylisting.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.298781"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.298781"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.512558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HJR7-XMG8-7XVP

Vulnerability from github – Published: 2024-08-15 03:30 – Updated: 2024-08-15 03:30
VLAI
Details

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-15T02:15:03Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-hjr7-xmg8-7xvp",
  "modified": "2024-08-15T03:30:28Z",
  "published": "2024-08-15T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7809"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Wsstiger/cve/blob/main/Tracer_mu.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.274705"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.274705"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.390781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HRWX-69C9-H8QQ

Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32
VLAI
Details

IBM Sterling File Gateway

6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4

could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T15:15:27Z",
    "severity": "MODERATE"
  },
  "details": "IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\n\n\n\n\ncould disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.",
  "id": "GHSA-hrwx-69c9-h8qq",
  "modified": "2025-07-08T15:32:03Z",
  "published": "2025-07-08T15:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2827"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7239094"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JGWP-H4GX-XM93

Vulnerability from github – Published: 2022-11-02 19:00 – Updated: 2022-11-04 19:01
VLAI
Details

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-548",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-02T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.",
  "id": "GHSA-jgwp-h4gx-xm93",
  "modified": "2022-11-04T19:01:17Z",
  "published": "2022-11-02T19:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45446"
    },
    {
      "type": "WEB",
      "url": "https://support.pentaho.com/hc/en-us/articles/6744813983501"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHJ5-WGM2-6MQF

Vulnerability from github – Published: 2025-01-27 03:30 – Updated: 2025-01-27 03:30
VLAI
Details

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-27T02:15:28Z",
    "severity": "LOW"
  },
  "details": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.",
  "id": "GHSA-jhj5-wgm2-6mqf",
  "modified": "2025-01-27T03:30:26Z",
  "published": "2025-01-27T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28766"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7161444"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M2M5-CXXQ-M4HM

Vulnerability from github – Published: 2025-05-15 21:31 – Updated: 2025-05-15 21:31
VLAI
Details

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-15T21:15:49Z",
    "severity": "MODERATE"
  },
  "details": "IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.",
  "id": "GHSA-m2m5-cxxq-m4hm",
  "modified": "2025-05-15T21:31:35Z",
  "published": "2025-05-15T21:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1138"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7230295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design System Configuration

Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.

No CAPEC attack patterns related to this CWE.