VYPR

CWE-552

Files or Directories Accessible to External Parties

Base · Draft

Description

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-150 · CAPEC-639

CVEs mapped to this weakness (182)

page 1 of 10
  • CVE-2017-14942 · Critical · Sep 30, 2017
    risk 0.69 · cvss 9.8 · epss 0.61

    Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.

  • CVE-2025-41240 · Critical · Jul 24, 2025
    risk 0.65 · cvss 10.0 · epss 0.01

    Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could…

  • CVE-2023-5199 · Critical · Oct 30, 2023
    risk 0.65 · cvss 9.9 · epss 0.01

    The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion leading to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and…

  • CVE-2025-14771 · Critical · Jun 3, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2019-25709 · Critical · Apr 12, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete…

  • CVE-2009-10005 · High · Aug 20, 2025
    risk 0.64 · cvss not listed · epss 0.01

    ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with…

  • CVE-2024-0949 · Critical · Jun 27, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.

  • CVE-2017-10930 · Critical · Sep 19, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.

  • CVE-2017-16651 · High · KEV · Nov 9, 2017
    risk 0.62 · cvss 7.8 · epss 0.43

    Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target…

  • CVE-2026-25137 · Critical · Feb 2, 2026
    risk 0.60 · cvss 9.1 · epss 0.10

    The NixOS Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including…

  • CVE-2025-34110 · Critical · Jul 15, 2025
    risk 0.60 · cvss not listed · epss 0.01

    A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitization of user-supplied file paths in…

  • CVE-2024-6878 · Critical · Sep 18, 2024
    risk 0.60 · cvss not listed · epss 0.00

    Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24.

  • CVE-2026-31216 · Critical · May 12, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote…

  • CVE-2026-31215 · Critical · May 12, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied…

  • CVE-2026-40631 · High · May 13, 2026
    risk 0.57 · cvss 8.7 · epss 0.00

    An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-33698 · Critical · Apr 10, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This…

  • CVE-2016-20025 · High · Mar 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace…

  • CVE-2021-4463 · High · Nov 12, 2025
    risk 0.57 · cvss not listed · epss 0.01

    Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive…

  • CVE-2025-34139 · High · Jul 25, 2025
    risk 0.57 · cvss not listed · epss 0.00

    A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC)…

  • CVE-2024-36442 · High · Aug 22, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system.
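The entries on this page fall into two shapes of CWE-552: sensitive files that simply sit inside the served tree (a router config under cgi-bin, an image-host database under upload/data, Kubernetes Secrets mounted under the document root, an unauthenticated database manager) and download endpoints that map a client-supplied name onto the filesystem without confining it. The following is an added example written for this page; it is not code from VYPR or from any product listed above. It pairs a document-root audit (what CAPEC-150 would find by guessing common locations) with a hardened download resolver that refuses directory components, paths that resolve outside the download root, and file types the audit would flag. The suffix, name and directory heuristics, the sample tree and its contents are assumptions constructed for the demo, not a complete policy.

```python
"""Added example for CWE-552 (not from this page or any listed product).
Part 1: find_exposed() walks a document root for files that should never be
web-reachable.  Part 2: resolve_download() confines a client-supplied name to
an explicit download directory.  Heuristic lists and the demo tree are
assumptions constructed for illustration."""
import os
import tempfile
from pathlib import Path

# Assumed heuristics: things that have no business under a document root.
SENSITIVE_SUFFIXES = {".cfg", ".conf", ".db", ".sqlite", ".sql", ".pem",
                      ".key", ".env", ".bak"}
SENSITIVE_NAMES = {".env", ".htpasswd", "id_rsa", "config.php", "wp-config.php"}
SENSITIVE_DIRS = {"secrets", ".git", ".svn", "backup"}


def find_exposed(docroot: str) -> list[str]:
    """Return docroot-relative paths of files matching the heuristics above."""
    root = Path(docroot).resolve()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Any sensitive directory name on the path flags everything beneath it.
        in_sensitive_dir = any(part in SENSITIVE_DIRS for part in rel_dir.parts)
        for name in filenames:
            if (in_sensitive_dir or name in SENSITIVE_NAMES
                    or Path(name).suffix.lower() in SENSITIVE_SUFFIXES):
                hits.append((rel_dir / name).as_posix())
    return sorted(hits)


def resolve_download(download_dir: str, requested: str) -> Path:
    """Map a client-supplied file name onto a file inside download_dir.

    Raises PermissionError for any directory component (so '../' never gets a
    chance), for a resolved path outside the root (catches symlinks pointing
    out of it), and for names the audit above would flag."""
    root = Path(download_dir).resolve()
    name = Path(requested).name
    if not name or name != requested:
        raise PermissionError(f"directory component in {requested!r}")
    target = (root / name).resolve()
    if root not in target.parents:
        raise PermissionError("resolved path escapes download root")
    if target.name in SENSITIVE_NAMES or target.suffix.lower() in SENSITIVE_SUFFIXES:
        raise PermissionError(f"refusing to serve {name}")
    if not target.is_file():
        raise FileNotFoundError(name)
    return target


def is_served(download_dir: str, requested: str) -> bool:
    """True if resolve_download would hand the file out, False if it refuses."""
    try:
        resolve_download(download_dir, requested)
        return True
    except (PermissionError, FileNotFoundError):
        return False


def build_demo_docroot() -> str:
    """Constructed sample tree echoing the entries above (placeholder contents,
    not any real product's layout)."""
    root = tempfile.mkdtemp(prefix="cwe552_")
    files = {
        "index.html": "<h1>hello</h1>",
        "images/logo.png": "PNG",
        "downloads/report.pdf": "%PDF-1.4",
        "cgi-bin/DownloadCfg/RouterCfm.cfg": "admin:admin",   # constructed
        "upload/data/imgdb.db": "SQLite format 3",            # constructed
        "opt/app/secrets/db-password": "hunter2",             # constructed
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return root


if __name__ == "__main__":
    docroot = build_demo_docroot()
    for hit in find_exposed(docroot):
        print("EXPOSED", hit)
    downloads = str(Path(docroot, "downloads"))
    for req in ("report.pdf", "../cgi-bin/DownloadCfg/RouterCfm.cfg",
                "../upload/data/imgdb.db", "../../etc/passwd"):
        print("serve" if is_served(downloads, req) else "deny ", req)
```

Run the audit against the real document root of a deployment (not just the source tree), because several entries above are deployment-time mistakes: a chart mounting secrets under the docroot, an installer leaving its database manager exposed, a CGI directory serving a config dump. The resolver deliberately strips to the final path component rather than normalizing, since a single allowlisted flat directory is easier to reason about than a traversal filter.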