CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-4326-C464-P449
Vulnerability from github – Published: 2023-02-01 18:30 – Updated: 2023-02-08 21:30lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.
{
"affected": [],
"aliases": [
"CVE-2022-48094"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-01T16:15:00Z",
"severity": "MODERATE"
},
"details": "lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.",
"id": "GHSA-4326-c464-p449",
"modified": "2023-02-08T21:30:22Z",
"published": "2023-02-01T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48094"
},
{
"type": "WEB",
"url": "https://www.yuque.com/litanhua-fost9/hu05qa/gp3psgfdt1czpf45?singleDoc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-43JJ-2RWC-2M3F
Vulnerability from github – Published: 2020-07-15 17:38 – Updated: 2024-02-01 19:02In SilverStripe assets 4.0, there is broken access control on files.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "silverstripe/framework"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "silverstripe/framework"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-14273"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2020-07-15T17:33:55Z",
"nvd_published_at": "2019-09-26T12:15:11Z",
"severity": "MODERATE"
},
"details": "In SilverStripe assets 4.0, there is broken access control on files.",
"id": "GHSA-43jj-2rwc-2m3f",
"modified": "2024-02-01T19:02:40Z",
"published": "2020-07-15T17:38:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273"
},
{
"type": "WEB",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"type": "PACKAGE",
"url": "https://github.com/FriendsOfPHP/security-advisories"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"
},
{
"type": "WEB",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"type": "WEB",
"url": "https://www.silverstripe.org/download/security-releases"
},
{
"type": "WEB",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Broken access control on files"
}
GHSA-43QF-QJ5J-5R47
Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
{
"affected": [],
"aliases": [
"CVE-2019-25239"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T20:15:51Z",
"severity": "HIGH"
},
"details": "V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.",
"id": "GHSA-43qf-qj5j-5r47",
"modified": "2025-12-24T21:30:33Z",
"published": "2025-12-24T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25239"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47433"
},
{
"type": "WEB",
"url": "https://www.vsolcn.com"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-442P-F25M-XR85
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.
{
"affected": [],
"aliases": [
"CVE-2020-35340"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-15T12:15:00Z",
"severity": "HIGH"
},
"details": "A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.",
"id": "GHSA-442p-f25m-xr85",
"modified": "2022-05-24T19:14:48Z",
"published": "2022-05-24T19:14:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35340"
},
{
"type": "WEB",
"url": "https://optionalctf.com/cve-2020-35340-local-file-inclusion-in-expertpdf-9-5-0-14-1-0"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-446X-9CWQ-39MX
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-06-04 00:00A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
{
"affected": [],
"aliases": [
"CVE-2020-11641"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-15T15:15:00Z",
"severity": "MODERATE"
},
"details": "A local file inclusion vulnerability in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.",
"id": "GHSA-446x-9cwq-39mx",
"modified": "2022-06-04T00:00:33Z",
"published": "2022-05-24T17:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11641"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
},
{
"type": "WEB",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-452J-V697-RP7M
Vulnerability from github – Published: 2022-04-26 00:00 – Updated: 2022-05-13 00:01The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)
{
"affected": [],
"aliases": [
"CVE-2022-0656"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-25T16:16:00Z",
"severity": "HIGH"
},
"details": "The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)",
"id": "GHSA-452j-v697-rp7m",
"modified": "2022-05-13T00:01:07Z",
"published": "2022-04-26T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0656"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-45J7-2QXV-QG3V
Vulnerability from github – Published: 2025-03-11 15:31 – Updated: 2025-03-11 15:31The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
{
"affected": [],
"aliases": [
"CVE-2025-22369"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T14:15:24Z",
"severity": "HIGH"
},
"details": "The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.",
"id": "GHSA-45j7-2qxv-qg3v",
"modified": "2025-03-11T15:31:00Z",
"published": "2025-03-11T15:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22369"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/CVE-2025-22369"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/DIVD-2025-00003"
},
{
"type": "WEB",
"url": "https://www.mennekes.nl/fileadmin/MEN-Deutschland/emobility/04_software/06_smart_premium/Release_Notes_for_2.15_06.03.2025.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4665-X724-M73J
Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2022-03-17 00:05The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server
{
"affected": [],
"aliases": [
"CVE-2021-24947"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-552",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-07T16:15:00Z",
"severity": "MODERATE"
},
"details": "The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server",
"id": "GHSA-4665-x724-m73j",
"modified": "2022-03-17T00:05:54Z",
"published": "2022-02-08T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24947"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/c6bb12b1-6961-40bd-9110-edfa9ee41a18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-46GW-G4GV-V5GW
Vulnerability from github – Published: 2025-10-09 18:30 – Updated: 2025-10-09 18:30An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.
{
"affected": [],
"aliases": [
"CVE-2025-59976"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T16:15:47Z",
"severity": "HIGH"
},
"details": "An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.",
"id": "GHSA-46gw-g4gv-v5gw",
"modified": "2025-10-09T18:30:36Z",
"published": "2025-10-09T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59976"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA103170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-46V5-GPCH-77VW
Vulnerability from github – Published: 2026-03-25 15:31 – Updated: 2026-03-26 12:30From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.
- Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
- Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078
(or higher)
are installed * Installations based on Panorama Suite 2025 (25.00.016)
are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007)
are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher)
are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
{
"affected": [],
"aliases": [
"CVE-2026-4760"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T13:16:27Z",
"severity": "HIGH"
},
"details": "From\nPanorama Web HMI, an attacker can gain read access to certain Web HMI server\nfiles, if he knows their paths and if these files are accessible to the Servin\nprocess execution account.\n\n * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update\u00a0PS-2210-02-4079\u00a0(or higher) is installed\n * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable \nunless updates\u00a0PS-2300-03-3078\u00a0(or higher) and\u00a0PS-2300-04-3078\u00a0(or higher)\nand\u00a0PS-2300-82-3078\n\n(or higher)\n\nare installed\n * Installations based on Panorama Suite 2025\u00a0(25.00.016)\n\nare vulnerable unless updates\u00a0PS-2500-02-1078\u00a0(or higher) and\u00a0PS-2500-04-1078\u00a0(or higher) are installed\u00a0\n * Installations based on Panorama Suite 2025 Updated Dec. 25\u00a0(25.10.007)\n\nare vulnerable unless updates\u00a0PS-2510-02-1077\u00a0(or higher) and\u00a0PS-2510-04-1077\u00a0(or higher)\n\nare installed\n\n\n\n\nPlease refer to security bulletin BS-035, available on the Panorama CSIRT website:\u00a0 https://my.codra.net/en-gb/csirt .",
"id": "GHSA-46v5-gpch-77vw",
"modified": "2026-03-26T12:30:29Z",
"published": "2026-03-25T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4760"
},
{
"type": "WEB",
"url": "https://my.codra.net/api/csirt/download?resourceId=1467\u0026fileType=FichierPDF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red",
"type": "CVSS_V4"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.