VYPR
Unrated severity · NVD Advisory · Published Sep 5, 2018 · Updated Aug 5, 2024

CVE-2018-15684


Description

PHP error logs in XBTIT are stored in an open directory with predictable names, leading to path disclosure and sensitive data leakage.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

BTITeam XBTIT stores PHP error logs in the /include/logs directory using predictable file names. This directory is accessible without authentication, allowing anyone to enumerate and retrieve log files. The exact affected versions are not specified in the available references, but the issue was reported in August 2018.

Exploitation

An attacker can request the /include/logs directory directly with a web browser or an automated tool. Where the web server renders a directory listing, every log file is exposed immediately; where listing is disabled, the predictable file names still let the attacker guess candidate names and download the logs one by one. No authentication or special privileges are required.

Impact

Successful exploitation discloses the full server path of the installation and the contents of PHP error messages, which may reveal the internal file layout, which code paths fail and why, and other details about the deployment. This information can be used to target further attacks against the application or the server.

Mitigation

No official fix has been disclosed in the available references. Administrators should restrict access to the /include/logs directory using web server configuration (e.g., .htaccess rules) or remove the directory if logging is not required. Regularly monitor for updates from the vendor.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"PHP error logs are stored in an open directory with predictable file names, allowing unauthenticated remote attackers to enumerate and read sensitive path and error information."

Attack vector

An attacker can directly browse to the `/include/logs` directory on the XBTIT installation. Because the directory listing is enabled and file names are predictable, the attacker can enumerate and read PHP error log files. These logs leak full server path information (e.g., `/var/www/xbtit/include/functions.php`) and may expose other sensitive data such as session warnings or internal error messages [ref_id=1]. No authentication or special privileges are required.
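The check a defender would run for the exposure described under Exploitation and Attack vector, as an added example written for this page (not XBTIT code and not part of the advisory): given an HTTP response body for `/include/logs/`, it reports whether the server rendered a directory listing, returned a PHP error log that leaks absolute server paths, or neither. The sample responses are constructed here; the `error.log` name and the `/var/www/xbtit` paths are illustrative assumptions, since the advisory does not give the actual file-naming scheme.

```shell
#!/bin/sh
# Added example, not XBTIT code: classify an HTTP response body fetched from
# /include/logs/ on an XBTIT install. Works offline on the constructed samples
# below; the optional live probe is a commented curl wrapper.

# Return 0 if the body looks like a web-server directory listing.
is_directory_listing() {
  printf '%s\n' "$1" | grep -qiE '<title>Index of /|Parent Directory'
}

# Print every absolute server path leaked by PHP error lines of the form
# "... in /path/file.php on line N", one per line, deduplicated.
leaked_paths() {
  printf '%s\n' "$1" \
    | grep -oE ' in (/[^ ]+\.php) on line [0-9]+' \
    | sed -E 's/^ in (.*) on line [0-9]+$/\1/' \
    | sort -u
}

# Classify a response body: LISTING (directory index rendered),
# LOG (error log content with leaked paths) or CLEAN (neither).
classify_response() {
  body="$1"
  if is_directory_listing "$body"; then
    echo LISTING
  elif [ -n "$(leaked_paths "$body")" ]; then
    echo LOG
  else
    echo CLEAN
  fi
}

# Constructed samples standing in for fetched responses (paths assumed).
SAMPLE_LISTING='<html><head><title>Index of /include/logs</title></head>
<body><h1>Index of /include/logs</h1>
<a href="../">Parent Directory</a>
<a href="error.log">error.log</a></body></html>'

SAMPLE_LOG='[05-Sep-2018 10:12:03 UTC] PHP Warning:  Undefined index: user in /var/www/xbtit/include/functions.php on line 412
[05-Sep-2018 10:12:04 UTC] PHP Notice:  Undefined variable: cat in /var/www/xbtit/index.php on line 88
[05-Sep-2018 10:12:05 UTC] PHP Warning:  Undefined index: user in /var/www/xbtit/include/functions.php on line 412'

SAMPLE_CLEAN='<html><body>403 Forbidden</body></html>'

# Live probe, only against systems you are authorised to test:
# probe_url() { classify_response "$(curl -fsS --max-time 10 "$1")"; }
# probe_url "https://tracker.example/include/logs/"

classify_response "$SAMPLE_LISTING"   # LISTING
classify_response "$SAMPLE_LOG"       # LOG
leaked_paths "$SAMPLE_LOG"            # the two unique leaked paths
classify_response "$SAMPLE_CLEAN"     # CLEAN
```

A `LISTING` result means the whole directory is enumerable without guessing names; a `LOG` result on a guessed name confirms the predictable-name path even when listing is off. Either result is the finding the advisory describes.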

Affected code

The vulnerability resides in the `/include/logs` directory, where PHP error logs are stored with predictable file names. The advisory does not specify the exact file-naming logic, but the directory is openly accessible without any access control [ref_id=1].

What the fix does

The advisory recommends changing the base name of the log files to something unpredictable and adding an index file to the `/include/logs` directory to prevent directory listing. Alternatively, blocking access via WAF or `.htaccess` rules is suggested. No official patch is shown in the bundle, but these mitigations close the information-disclosure vector by removing predictable file names and preventing direct directory access [ref_id=1].
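The mitigations recommended above (and under Mitigation earlier on this page) applied to an installation, as an added example that is not an XBTIT patch or vendor code: it denies web access to `include/logs` with `.htaccess`, disables directory indexes, adds an index file so no listing is ever rendered, and tightens file permissions. It assumes Apache with `AllowOverride` permitting `Options` and access-control directives for the web root; the nginx equivalent is shown as a comment. Changing the log base name is done in XBTIT's own configuration, which the references do not detail, so it is not shown here.

```shell
#!/bin/sh
# Added example, not vendor code: harden an XBTIT include/logs directory
# against CVE-2018-15684 and verify the controls are in place.

harden_logs_dir() {
  logs_dir="$1"
  mkdir -p "$logs_dir"

  # 1. Deny all HTTP access and disable indexes. Both the Apache 2.4 and the
  #    2.2 access-control syntax are emitted so the file works on either.
  cat > "$logs_dir/.htaccess" <<'EOF'
# Block web access to PHP error logs (CVE-2018-15684)
Options -Indexes
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF

  # 2. Defence in depth: an empty index file, so a listing is never rendered
  #    even if .htaccess is ignored (AllowOverride None).
  : > "$logs_dir/index.html"

  # 3. Existing logs readable by the owner/web-server group only; the glob
  #    expanding to nothing is tolerated.
  chmod 0640 "$logs_dir"/*.log 2>/dev/null || true
  chmod 0750 "$logs_dir"
}

# Return 0 when both the access denial and the index file are present.
check_logs_dir() {
  grep -q 'Require all denied' "$1/.htaccess" \
    && grep -q 'Options -Indexes' "$1/.htaccess" \
    && [ -f "$1/index.html" ]
}

# nginx equivalent, placed in the server block instead of .htaccess:
#   location ^~ /include/logs/ { deny all; }

# Demo on a temporary tree; in production point this at
# /path/to/xbtit/include/logs (path assumed).
demo_root="$(mktemp -d)"
harden_logs_dir "$demo_root/include/logs"
check_logs_dir "$demo_root/include/logs" && echo "hardened: $demo_root/include/logs"
rm -rf "$demo_root"
```

Re-run `check_logs_dir` after any web-server reconfiguration, and confirm from outside with a request to `/include/logs/` that the server now answers 403 rather than a listing.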

Preconditions

  • config: The /include/logs directory must be accessible over HTTP with directory listing enabled (default configuration).
  • network: No authentication is required; the attacker only needs network access to the XBTIT web root.

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

News mentions

0

No linked articles in our index yet.