Description

The Drupal Backup Migrate directory is publicly accessible from the internet. This directory contains a list of Drupal site backups.

This directory also contains a test file named test.txt with a fixed content this file should not be publicly accessible. The scanner confirmed that it's possible to read the contents of this file from the internet. This indicates there is a very high probability that the Drupal site backup files stored in the same directory are also publicly accessible.

Remediation

Restrict access to the Drupal Backup Migrate directory so it's not publicly accessible from the internet.

References

Backup and Migrate

Related Vulnerabilities

Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)

Trace.axd Detected

Node.js Running in Development Mode

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

Jira Unauthorized User Enumeration (CVE-2020-14181)

Severity

High

Classification

CWE-538 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure