CWE-552
Files or Directories Accessible to External Parties
Description
The product makes files or directories accessible to unauthorized actors, even though they should not be.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-150 · CAPEC-639
CVEs mapped to this weakness (182)
page 3 of 10

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35169 | | High | 0.50 | 8.7 | 0.00 | | Apr 8, 2026 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sanitize some user supplied… |
| CVE-2023-5099 | | High | 0.50 | 8.8 | 0.01 | | Oct 31, 2023 | The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to… |
| CVE-2026-39871 | | High | 0.49 | 7.5 | 0.00 | | May 11, 2026 | A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data. |
| CVE-2025-69428 | | High | 0.49 | 7.5 | 0.00 | | Apr 27, 2026 | An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access a sensitive directory and its subdirectories. |
| CVE-2018-25164 | | High | 0.49 | 7.5 | 0.00 | | Mar 6, 2026 | EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3… |
| CVE-2019-25239 | | High | 0.49 | 7.5 | 0.00 | | Dec 24, 2025 | V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the… |
| CVE-2024-43660 | | High | 0.49 | 7.5 | 0.01 | | Jan 9, 2025 | The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on… |
| CVE-2024-7107 | | High | 0.49 | 7.5 | 0.00 | | Sep 26, 2024 | Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253. |
| CVE-2024-7729 | | High | 0.49 | 7.5 | 0.01 | | Aug 14, 2024 | The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. |
| CVE-2024-2759 | | High | 0.49 | 7.5 | 0.01 | | Apr 4, 2024 | Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication. This issue affects Apaczka plugin for PrestaShop from v1 through v4. |
| CVE-2024-2052 | — | High | 0.49 | 7.5 | 0.01 | | Mar 18, 2024 | CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location. |
| CVE-2023-1246 | | High | 0.49 | 7.5 | 0.01 | | Mar 10, 2023 | Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations. This issue affects Starcities: through 1.3. |
| CVE-2018-10869 | | High | 0.49 | 7.5 | 0.03 | | Jul 19, 2018 | redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd. |
| CVE-2018-5112 | | High | 0.49 | 7.5 | 0.02 | | Jun 11, 2018 | Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file, but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should… |
| CVE-2017-12079 | | High | 0.49 | 7.5 | 0.02 | | Dec 4, 2017 | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. |
| CVE-2017-2551 | | High | 0.49 | 7.5 | 0.02 | | Sep 28, 2017 | Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. |
| CVE-2017-11746 | | High | 0.49 | 7.5 | 0.01 | | Jul 30, 2017 | Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat… |
| CVE-2025-59054 | | High | 0.48 | — | 0.00 | | Sep 12, 2025 | dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the `/data` mount.… |
| CVE-2024-56462 | | High | 0.47 | 7.2 | 0.00 | | May 27, 2026 | IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system. |
| CVE-2025-58356 | | High | 0.47 | — | 0.00 | | Oct 27, 2025 | Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening… |