VYPR

CWE-530

Exposure of Backup File to an Unauthorized Control Sphere

Variant | Incomplete

Description

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.
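A defender-side audit for the situation described above, as an added example that is not part of the original entry: it walks a document root and flags files with backup-style suffixes, noting when the production file still sits beside the renamed copy. Only `.~bk` comes from the description; the other suffixes, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# ".~bk" is the suffix named in the description; the rest are assumed for this example.
BACKUP_SUFFIXES = (".~bk", ".bak", ".old", ".orig", ".save", ".swp", "~")
# Archive and dump extensions that commonly hold whole-site backups (assumed list).
ARCHIVE_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".sql.gz")


def classify(name, siblings):
    """Return why a file name looks like a backup, or None if it does not."""
    lower = name.lower()
    for suf in BACKUP_SUFFIXES:
        if lower.endswith(suf) and len(name) > len(suf):
            original = name[:-len(suf)]
            # A live file next to the copy means the copy is renamed production
            # source, which a web server may hand out as plain text.
            if original in siblings:
                return "renamed-copy-of:" + original
            return "backup-suffix"
    if lower.endswith(ARCHIVE_SUFFIXES):
        return "archive-or-dump"
    return None


def audit_webroot(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        siblings = set(files)
        for name in files:
            reason = classify(name, siblings)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


def build_sample_webroot(root):
    """Create a constructed sample tree (empty files) for the demonstration."""
    for rel in ("index.php", "index.php.~bk", "config.php.bak", "css/site.css",
                "admin/login.php", "admin/login.php~", "backups/site.sql.gz"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, reason in audit_webroot(tmp):
            print(f"{rel}\t{reason}")
```

Findings from such an audit are candidates for removal from the served directory or for relocation to storage outside the webroot.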

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (7)

  • CVE-2024-12330 | High | Jan 9, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated…

  • CVE-2024-56462 | High | May 27, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

  • CVE-2024-3430 | Low | Apr 7, 2024
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control…

  • CVE-2024-3128 | Low | Apr 1, 2024
    risk 0.16 | cvss 2.4 | epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to…

  • CVE-2024-3124 | Low | Apr 1, 2024
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control…

  • CVE-2024-2567 | Low | Mar 17, 2024
    risk 0.12 | cvss 1.8 | epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to…

  • CVE-2026-2974 | Low | Feb 23, 2026
    risk 0.09 | cvss 2.5 | epss 0.00

    A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/key_derivation_params/…