Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-4326-C464-P449

Vulnerability from github – Published: 2023-02-01 18:30 – Updated: 2023-02-08 21:30
VLAI
Details

lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-01T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.",
  "id": "GHSA-4326-c464-p449",
  "modified": "2023-02-08T21:30:22Z",
  "published": "2023-02-01T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48094"
    },
    {
      "type": "WEB",
      "url": "https://www.yuque.com/litanhua-fost9/hu05qa/gp3psgfdt1czpf45?singleDoc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43JJ-2RWC-2M3F

Vulnerability from github – Published: 2020-07-15 17:38 – Updated: 2024-02-01 19:02
VLAI
Summary
Broken access control on files
Details

In SilverStripe assets 4.0, there is broken access control on files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-14273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-15T17:33:55Z",
    "nvd_published_at": "2019-09-26T12:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In SilverStripe assets 4.0, there is broken access control on files.",
  "id": "GHSA-43jj-2rwc-2m3f",
  "modified": "2024-02-01T19:02:40Z",
  "published": "2020-07-15T17:38:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273"
    },
    {
      "type": "WEB",
      "url": "https://forum.silverstripe.org/c/releases"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FriendsOfPHP/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"
    },
    {
      "type": "WEB",
      "url": "https://www.silverstripe.org/blog/tag/release"
    },
    {
      "type": "WEB",
      "url": "https://www.silverstripe.org/download/security-releases"
    },
    {
      "type": "WEB",
      "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Broken access control on files"
}

GHSA-43QF-QJ5J-5R47

Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30
VLAI
Details

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T20:15:51Z",
    "severity": "HIGH"
  },
  "details": "V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.",
  "id": "GHSA-43qf-qj5j-5r47",
  "modified": "2025-12-24T21:30:33Z",
  "published": "2025-12-24T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25239"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/47433"
    },
    {
      "type": "WEB",
      "url": "https://www.vsolcn.com"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-442P-F25M-XR85

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-35340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-15T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.",
  "id": "GHSA-442p-f25m-xr85",
  "modified": "2022-05-24T19:14:48Z",
  "published": "2022-05-24T19:14:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35340"
    },
    {
      "type": "WEB",
      "url": "https://optionalctf.com/cve-2020-35340-local-file-inclusion-in-expertpdf-9-5-0-14-1-0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-446X-9CWQ-39MX

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-06-04 00:00
VLAI
Details

A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A local file inclusion vulnerability in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.",
  "id": "GHSA-446x-9cwq-39mx",
  "modified": "2022-06-04T00:00:33Z",
  "published": "2022-05-24T17:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11641"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
    },
    {
      "type": "WEB",
      "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-452J-V697-RP7M

Vulnerability from github – Published: 2022-04-26 00:00 – Updated: 2022-05-13 00:01
VLAI
Details

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-25T16:16:00Z",
    "severity": "HIGH"
  },
  "details": "The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)",
  "id": "GHSA-452j-v697-rp7m",
  "modified": "2022-05-13T00:01:07Z",
  "published": "2022-04-26T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0656"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45J7-2QXV-QG3V

Vulnerability from github – Published: 2025-03-11 15:31 – Updated: 2025-03-11 15:31
VLAI
Details

The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T14:15:24Z",
    "severity": "HIGH"
  },
  "details": "The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.",
  "id": "GHSA-45j7-2qxv-qg3v",
  "modified": "2025-03-11T15:31:00Z",
  "published": "2025-03-11T15:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22369"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/CVE-2025-22369"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/DIVD-2025-00003"
    },
    {
      "type": "WEB",
      "url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4665-X724-M73J

Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2022-03-17 00:05
VLAI
Details

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352",
      "CWE-552",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-07T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server",
  "id": "GHSA-4665-x724-m73j",
  "modified": "2022-03-17T00:05:54Z",
  "published": "2022-02-08T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24947"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/c6bb12b1-6961-40bd-9110-edfa9ee41a18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46GW-G4GV-V5GW

Vulnerability from github – Published: 2025-10-09 18:30 – Updated: 2025-10-09 18:30
VLAI
Details

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T16:15:47Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.",
  "id": "GHSA-46gw-g4gv-v5gw",
  "modified": "2025-10-09T18:30:36Z",
  "published": "2025-10-09T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59976"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA103170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-46V5-GPCH-77VW

Vulnerability from github – Published: 2026-03-25 15:31 – Updated: 2026-03-26 12:30
VLAI
Details

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.

  • Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
  • Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078

(or higher)

are installed * Installations based on Panorama Suite 2025 (25.00.016)

are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed  * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007)

are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher)

are installed

Please refer to security bulletin BS-035, available on the Panorama CSIRT website:  https://my.codra.net/en-gb/csirt .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T13:16:27Z",
    "severity": "HIGH"
  },
  "details": "From\nPanorama Web HMI, an attacker can gain read access to certain Web HMI server\nfiles, if he knows their paths and if these files are accessible to the Servin\nprocess execution account.\n\n  *  Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update\u00a0PS-2210-02-4079\u00a0(or higher) is installed\n  *  Installations based on Panorama Suite 2023 (23.00.004) are vulnerable \nunless updates\u00a0PS-2300-03-3078\u00a0(or higher) and\u00a0PS-2300-04-3078\u00a0(or higher)\nand\u00a0PS-2300-82-3078\n\n(or higher)\n\nare installed\n  *  Installations based on Panorama Suite 2025\u00a0(25.00.016)\n\nare vulnerable unless updates\u00a0PS-2500-02-1078\u00a0(or higher) and\u00a0PS-2500-04-1078\u00a0(or higher) are installed\u00a0\n  *  Installations based on Panorama Suite 2025 Updated Dec. 25\u00a0(25.10.007)\n\nare vulnerable unless updates\u00a0PS-2510-02-1077\u00a0(or higher) and\u00a0PS-2510-04-1077\u00a0(or higher)\n\nare installed\n\n\n\n\nPlease refer to security bulletin BS-035, available on the Panorama CSIRT website:\u00a0 https://my.codra.net/en-gb/csirt .",
  "id": "GHSA-46v5-gpch-77vw",
  "modified": "2026-03-26T12:30:29Z",
  "published": "2026-03-25T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4760"
    },
    {
      "type": "WEB",
      "url": "https://my.codra.net/api/csirt/download?resourceId=1467\u0026fileType=FichierPDF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.