Description

Application errors or warning messages may disclose sensitive information about an application's internal workings to an attacker.

Acunetix found one or more fully qualified path names that may disclose a web server's file system structure. Consult the 'Attack details' section for more information about the affected page.

Remediation

Properly configure the application not to disclose information about an application's internal workings to the user.

References

Full Path Disclosure - OWASP Foundation

Related Vulnerabilities

SAP ICF /sap/public/info sensitive information disclosure

WordPress Plugin AI ChatBot Information Disclosure (4.8.9)

Subresource Integrity (SRI) Not Implemented

Unrestricted access to Haproxy Data Plane API

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-17671)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure