Description

One or more possibly sensitive directories were found. These resources are not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target.

Remediation

Restrict access to these directories or remove them from the website.

References

Web Server Security and Database Server Security

Related Vulnerabilities

Nginx memory disclosure with specially crafted HTTP backend responses

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743)

WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Information Disclosure (1.2.5)

WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure