Description
The Drupal Backup Migrate directory is publicly accessible from the internet. This directory contains a list of Drupal site backups.
This directory also contains a test file named test.txt with a fixed content this file should not be publicly accessible. The scanner confirmed that it's possible to read the contents of this file from the internet. This indicates there is a very high probability that the Drupal site backup files stored in the same directory are also publicly accessible.
Remediation
Restrict access to the Drupal Backup Migrate directory so it's not publicly accessible from the internet.
References
Related Vulnerabilities
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)
Apache balancer-manager application publicly accessible
[Possible] Password Transmitted over Query String
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)