Description

The web application is based on Typo3 CMS. A sensitive file has been found. Access to such files must be restricted, as it may lead to disclosure of sensitive information about the web application.

Remediation

Restrict access to sensitive files

References

Web Server Environment

Related Vulnerabilities

WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7)

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

Phusion Passenger Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-12027)

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

Unrestricted access to NGINX+ Dashboard

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure Test Files