CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
Abstraction: Base | Status: Draft
Description
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-95
CVEs mapped to this weakness (36)
page 2 of 2

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22633 | Med | 0.38 | 5.8 | 0.00 | | Feb 23, 2025 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in StellarWP Give – Divi Donation Modules give-donation-modules-for-divi allows Retrieve Embedded Sensitive Data. This issue affects Give – Divi Donation Modules: from n/a through <= 2.0.0. |
| CVE-2025-24689 | Med | 0.38 | 5.9 | 0.00 | | Jan 27, 2025 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through <= 1.27.12. |
| CVE-2025-12699 | Med | 0.36 | 5.5 | 0.00 | | Feb 10, 2026 | The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry. |
| CVE-2017-9947 | Med | 0.35 | 5.3 | 0.08 | | Oct 23, 2017 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. |
| CVE-2026-7071 | Med | 0.34 | 5.3 | 0.00 | | Apr 27, 2026 | A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. |
| CVE-2026-6160 | Med | 0.34 | 5.3 | 0.00 | | Apr 13, 2026 | A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. |
| CVE-2025-11891 | Med | 0.34 | 5.3 | 0.00 | | Nov 11, 2025 | The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. |
| CVE-2025-22773 | Med | 0.34 | 5.3 | 0.00 | | Jan 15, 2025 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Htaccess File Editor: from n/a through <= 1.0.19. |
| CVE-2025-22306 | Med | 0.34 | 5.3 | 0.00 | | Jan 7, 2025 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Spencer Haws Link Whisper Free link-whisper. This issue affects Link Whisper Free: from n/a through <= 0.7.7. |
| CVE-2026-2817 | Med | 0.29 | 4.4 | 0.00 | | Feb 19, 2026 | Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user's extracted snapshot contents, leading to unintended exposure of cache data. |
| CVE-2025-8452 | Med | 0.28 | 4.3 | 0.00 | | Aug 12, 2025 | By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password. |
| CVE-2026-33705 | Med | 0.27 | 5.3 | 0.00 | | Apr 10, 2026 | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. This vulnerability is fixed in 1.11.38. |
| CVE-2023-5937 | Low | 0.25 | 3.8 | 0.00 | | May 15, 2024 | On Windows systems, the Arc configuration files were found to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. |
| CVE-2025-52642 | Low | 0.21 | 3.3 | 0.00 | | Mar 16, 2026 | HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure. |
| CVE-2014-0772 | | 0.00 | — | 0.00 | | Apr 12, 2014 | The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk. The method can be used to open a URL (including file URLs) and read the URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. |
| CVE-2014-0771 | | 0.00 | — | 0.00 | | Apr 12, 2014 | The BWOCXRUN.BwocxrunCtrl.1 control contains a method named "OpenUrlToBuffer". This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows "file://" URLs that access the local disk. The method can be used to open a URL (including file URLs) and read file URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. |