Description
The Drupal Backup Migrate directory is publicly accessible from the internet. This directory contains a list of Drupal site backups.
This directory also contains a test file named test.txt with a fixed content this file should not be publicly accessible. The scanner confirmed that it's possible to read the contents of this file from the internet. This indicates there is a very high probability that the Drupal site backup files stored in the same directory are also publicly accessible.
Remediation
Restrict access to the Drupal Backup Migrate directory so it's not publicly accessible from the internet.
References
Related Vulnerabilities
WordPress Plugin RB Agency Local File Disclosure (2.4.7)
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)
WordPress Plugin BackupBuddy Information Disclosure (2.2.28)
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)