Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-MV2P-XXQX-RG9J

Vulnerability from github – Published: 2023-06-16 18:30 – Updated: 2024-04-04 04:55
VLAI
Details

jfinal CMS 5.1.0 has an arbitrary file read vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-16T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "jfinal CMS 5.1.0 has an arbitrary file read vulnerability.",
  "id": "GHSA-mv2p-xxqx-rg9j",
  "modified": "2024-04-04T04:55:10Z",
  "published": "2023-06-16T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34645"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jflyfox/jfinal_cms/issues/57"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MV68-J39W-7QFQ

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39
VLAI
Details

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-14T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.",
  "id": "GHSA-mv68-j39w-7qfq",
  "modified": "2022-05-24T17:39:17Z",
  "published": "2022-05-24T17:39:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27368"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swzhouu/CVE-2020-27368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MWFM-2CM9-PFHJ

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16
VLAI
Details

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-30T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.",
  "id": "GHSA-mwfm-2cm9-pfhj",
  "modified": "2022-05-24T19:16:10Z",
  "published": "2022-05-24T19:16:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35203"
    },
    {
      "type": "WEB",
      "url": "https://www.netscout.com/securityadvisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P25H-W2RQ-V3CW

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-16 00:30
VLAI
Details

A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T18:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.",
  "id": "GHSA-p25h-w2rq-v3cw",
  "modified": "2024-10-16T00:30:57Z",
  "published": "2024-10-11T18:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44807"
    },
    {
      "type": "WEB",
      "url": "https://burger.d-zero.co.jp/blogs/archives/2"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN54676967"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/jp/JVN54676967"
    },
    {
      "type": "WEB",
      "url": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000109.html"
    },
    {
      "type": "WEB",
      "url": "http://basercms.com"
    },
    {
      "type": "WEB",
      "url": "http://burgereditor.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P39H-6928-4FQ5

Vulnerability from github – Published: 2023-08-03 18:30 – Updated: 2024-04-04 06:31
VLAI
Details

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T16:15:12Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.",
  "id": "GHSA-p39h-6928-4fq5",
  "modified": "2024-04-04T06:31:58Z",
  "published": "2023-08-03T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38948"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/CTF-hacker/pwn/issues/I7LI4E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P4Q4-268X-8WF9

Vulnerability from github – Published: 2023-08-03 12:31 – Updated: 2024-04-04 06:31
VLAI
Details

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T12:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.",
  "id": "GHSA-p4q4-268x-8wf9",
  "modified": "2024-04-04T06:31:05Z",
  "published": "2023-08-03T12:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37551"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2023-019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P4RQ-6JPQ-3WQJ

Vulnerability from github – Published: 2025-09-02 21:30 – Updated: 2025-09-02 21:30
VLAI
Details

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability.

The specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-02T20:15:39Z",
    "severity": "MODERATE"
  },
  "details": "CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950.",
  "id": "GHSA-p4rq-6jpq-3wqj",
  "modified": "2025-09-02T21:30:59Z",
  "published": "2025-09-02T21:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9273"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P58C-Q354-6C4F

Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-05-18 14:51
VLAI
Summary
pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
Details

Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.

User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.

Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.

This issue affects pgAdmin 4: before 9.15.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pgadmin4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-7817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T14:51:08Z",
    "nvd_published_at": "2026-05-11T16:17:38Z",
    "severity": "HIGH"
  },
  "details": "Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.\n\nUser-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.\n\nFix restricts api_key_file to the user\u0027s private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.\n\nThis issue affects pgAdmin 4: before 9.15.",
  "id": "GHSA-p58c-q354-6c4f",
  "modified": "2026-05-18T14:51:08Z",
  "published": "2026-05-11T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pgadmin-org/pgadmin4/issues/9900"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pgadmin-org/pgadmin4/commit/24485fe96"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pgadmin-org/pgadmin4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities"
}

GHSA-P7F5-95M3-2FW7

Vulnerability from github – Published: 2023-11-06 21:31 – Updated: 2023-11-14 18:30
VLAI
Details

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-06T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.",
  "id": "GHSA-p7f5-95m3-2fw7",
  "modified": "2023-11-14T18:30:23Z",
  "published": "2023-11-06T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4930"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P7HH-R4JX-72FM

Vulnerability from github – Published: 2024-07-22 21:30 – Updated: 2024-09-10 21:31
VLAI
Details

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-22T21:15:05Z",
    "severity": "HIGH"
  },
  "details": "Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.",
  "id": "GHSA-p7hh-r4jx-72fm",
  "modified": "2024-09-10T21:31:38Z",
  "published": "2024-07-22T21:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6911"
    },
    {
      "type": "WEB",
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.