CWE-538
AllowedInsertion of Sensitive Information into Externally-Accessible File or Directory
Abstraction: Base · Status: Draft
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
155 vulnerabilities reference this CWE, most recent first.
GHSA-RH59-VGH2-8M84
Vulnerability from github – Published: 2025-01-07 18:30 – Updated: 2026-04-01 18:33Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.
{
"affected": [],
"aliases": [
"CVE-2025-22306"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-07T17:15:32Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.",
"id": "GHSA-rh59-vgh2-8m84",
"modified": "2026-04-01T18:33:05Z",
"published": "2025-01-07T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22306"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-7-7-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RM97-X556-Q36H
Vulnerability from github – Published: 2024-02-24 06:30 – Updated: 2024-08-28 21:58Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sanitize-html"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21501"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-538"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-01T16:55:53Z",
"nvd_published_at": "2024-02-24T05:15:44Z",
"severity": "MODERATE"
},
"details": "Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.",
"id": "GHSA-rm97-x556-q36h",
"modified": "2024-08-28T21:58:16Z",
"published": "2024-02-24T06:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21501"
},
{
"type": "WEB",
"url": "https://github.com/apostrophecms/sanitize-html/pull/650"
},
{
"type": "WEB",
"url": "https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4"
},
{
"type": "WEB",
"url": "https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf"
},
{
"type": "WEB",
"url": "https://github.com/apostrophecms/apostrophe/discussions/4436"
},
{
"type": "PACKAGE",
"url": "https://github.com/apostrophecms/sanitize-html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "sanitize-html Information Exposure vulnerability"
}
GHSA-VJQC-8HQX-GPV2
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:28cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
{
"affected": [],
"aliases": [
"CVE-2018-20932"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-01T16:15:00Z",
"severity": "MODERATE"
},
"details": "cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).",
"id": "GHSA-vjqc-8hqx-gpv2",
"modified": "2024-04-04T01:28:37Z",
"published": "2022-05-24T16:52:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20932"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/70+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VX85-MJ8C-4QM6
Vulnerability from github – Published: 2019-01-17 13:56 – Updated: 2023-09-11 18:30The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.thrift:libthrift"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.2"
},
{
"fixed": "0.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-11798"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:58:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.",
"id": "GHSA-vx85-mj8c-4qm6",
"modified": "2023-09-11T18:30:27Z",
"published": "2019-01-17T13:56:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11798"
},
{
"type": "WEB",
"url": "https://github.com/apache/thrift/pull/1606"
},
{
"type": "WEB",
"url": "https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1545"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vx85-mj8c-4qm6"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/THRIFT-4647"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227094236/http://www.securityfocus.com/bid/106501"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Thrift Node.js static web server sandbox escape"
}
GHSA-VXF2-8CQ4-X49Q
Vulnerability from github – Published: 2026-04-12 15:30 – Updated: 2026-04-12 15:30Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
{
"affected": [],
"aliases": [
"CVE-2019-25706"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-12T13:16:33Z",
"severity": "HIGH"
},
"details": "Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.",
"id": "GHSA-vxf2-8cq4-x49q",
"modified": "2026-04-12T15:30:26Z",
"published": "2026-04-12T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25706"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46132"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosure"
},
{
"type": "WEB",
"url": "http://www.ac.i8i.ir"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W2X4-H6C7-M6MH
Vulnerability from github – Published: 2025-10-27 21:30 – Updated: 2025-10-27 21:30Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
{
"affected": [],
"aliases": [
"CVE-2025-46602"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T19:16:03Z",
"severity": "MODERATE"
},
"details": "Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.",
"id": "GHSA-w2x4-h6c7-m6mh",
"modified": "2025-10-27T21:30:27Z",
"published": "2025-10-27T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46602"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000382443/dsa-2025-403"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W5HH-GH28-CPPG
Vulnerability from github – Published: 2025-01-10 18:31 – Updated: 2025-01-10 18:31During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.
This issue affects MegaBIP software versions below 5.15
{
"affected": [],
"aliases": [
"CVE-2024-6880"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-10T18:15:26Z",
"severity": "MODERATE"
},
"details": "During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.\u00a0\nPublicly available source code of \"/registered.php\" discloses that path, allowing an attacker to attempt further attacks.\u00a0\u00a0\n\nThis issue affects MegaBIP software versions below 5.15",
"id": "GHSA-w5hh-gh28-cppg",
"modified": "2025-01-10T18:31:41Z",
"published": "2025-01-10T18:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6880"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/09/CVE-2024-6680"
},
{
"type": "WEB",
"url": "https://megabip.pl"
},
{
"type": "WEB",
"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W9J7-W28P-W5PQ
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
{
"affected": [],
"aliases": [
"CVE-2018-16970"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-12T20:29:00Z",
"severity": "MODERATE"
},
"details": "Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.",
"id": "GHSA-w9j7-w28p-w5pq",
"modified": "2022-05-14T01:57:32Z",
"published": "2022-05-14T01:57:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16970"
},
{
"type": "WEB",
"url": "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W9R4-6F5Q-P5H9
Vulnerability from github – Published: 2024-01-02 21:30 – Updated: 2024-01-02 21:30A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.
{
"affected": [],
"aliases": [
"CVE-2024-0191"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T20:15:10Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.",
"id": "GHSA-w9r4-6f5q-p5h9",
"modified": "2024-01-02T21:30:26Z",
"published": "2024-01-02T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0191"
},
{
"type": "WEB",
"url": "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249504"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249504"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WF7G-3PCC-4W4X
Vulnerability from github – Published: 2022-05-17 04:47 – Updated: 2025-09-19 21:31The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
{
"affected": [],
"aliases": [
"CVE-2014-0772"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-12T04:37:00Z",
"severity": "MODERATE"
},
"details": "The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.",
"id": "GHSA-wf7g-3pcc-4w4x",
"modified": "2025-09-19T21:31:14Z",
"published": "2022-05-17T04:47:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0772"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
},
{
"type": "WEB",
"url": "http://webaccess.advantech.com"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/66740"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Do not expose file and directory information to the user.
CAPEC-95: WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.