
CWE-548 Exposure of Information Through Directory Listing: vulnerability list (47)

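A summary of the 47 CVE vulnerabilities in the weakness class CWE-548, Exposure of Information Through Directory Listing, with AI analysis in Chinese.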

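CWE-548 is an information disclosure weakness in which a server wrongly exposes a directory listing containing an index of all the resources in the directory. Attackers typically use the flaw by requesting specific paths directly to obtain sensitive files, configuration files or backup data, and from there look for further weaknesses in the system. Developers should avoid enabling the web server's directory browsing feature, make sure access control policies are configured correctly, and review directory permissions regularly, so that unauthorized users cannot learn about internal resources by walking through directories.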

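MITRE CWE official description
CWE: CWE-548 Exposure of Information Through Directory Listing. The product inappropriately exposes a directory listing that contains an index of all the resources located inside the directory.
Common consequences (1)
Confidentiality: Read Files or Directories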
Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or c…
Mitigations (1)
Architecture and Design, System Configuration: Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-38265 | IBM Cloud Pak System security vulnerability — Cloud Pak System | 5.3 | Medium | 2026-02-17 |
| CVE-2020-36921 | RED-V Super Digital Signage System security vulnerability — RED-V Super Digital Signage System RXV-A740R | 7.5 | High | 2026-01-06 |
| CVE-2022-50788 | SOUND4 multiple products security vulnerability — Impact/Pulse/First | 7.5 | High | 2025-12-30 |
| CVE-2021-47718 | OpenBMCS security vulnerability — OpenBMCS | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2024-56464 | IBM QRadar SIEM security vulnerability — IBM QRadar SIEM | 2.7 | Low | 2025-12-09 |
| CVE-2025-13200 | SourceCodester Farm Management System security vulnerability — Farm Management System | 5.3 | Medium | 2025-11-15 |
| CVE-2025-62396 | Moodle security vulnerability | 5.3 | Medium | 2025-10-23 |
| CVE-2025-27906 | IBM Content Navigator security vulnerability — Content Navigator | 5.3 | Medium | 2025-10-14 |
| CVE-2025-61685 | Mastra security vulnerability — mastra | 6.5 | Medium | 2025-10-03 |
| CVE-2025-2827 | IBM Sterling File Gateway security vulnerability — Sterling File Gateway | 4.3 | Medium | 2025-07-08 |
| CVE-2025-27452 | Endress+Hauser MEAC300-FNADE4 security vulnerability — Endress+Hauser MEAC300-FNADE4 | 5.3 | Medium | 2025-07-03 |
| CVE-2025-4909 | SourceCodester Client Database Management System security vulnerability — Client Database Management System | 7.3 | High | 2025-05-19 |
| CVE-2025-4807 | SourceCodester Online Student Clearance System security vulnerability — Online Student Clearance System | 5.3 | Medium | 2025-05-16 |
| CVE-2025-1138 | IBM InfoSphere Information Server security vulnerability — InfoSphere Information Server | 4.3 | Medium | 2025-05-15 |
| CVE-2025-23378 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 3.3 | Low | 2025-04-10 |
| CVE-2025-2652 | SourceCodester Employee and Visitor Gate Pass Logging System security vulnerability — Employee and Visitor Gate Pass Logging System | 5.3 | Medium | 2025-03-23 |
| CVE-2025-2651 | SourceCodester Online Eyewear Shop security vulnerability — Online Eyewear Shop | 5.3 | Medium | 2025-03-23 |
| CVE-2025-2038 | Code-Projects Blood Bank Management System security vulnerability — Blood Bank Management System | 7.3 | High | 2025-03-06 |
| CVE-2024-28766 | IBM Security Directory Integrator and IBM Security Verify Directory Integrator security vulnerability — Security Directory Integrator | 2.4 | Low | 2025-01-27 |
| CVE-2024-35113 | IBM Control Center security vulnerability — Control Center | 4.3 | Medium | 2025-01-25 |
| CVE-2024-8711 | Food Ordering Management System security vulnerability — Food Ordering Management System | 5.3 | Medium | 2024-09-12 |
| CVE-2024-45096 | IBM Aspera security vulnerability — Aspera Faspex | 6.5 | Medium | 2024-09-05 |
| CVE-2024-7912 | CodeAstro Online Railway Reservation System security vulnerability — Online Railway Reservation System | 5.3 | Medium | 2024-08-18 |
| CVE-2024-7809 | SourceCodester Online Graduate Tracer System security vulnerability — Online Graduate Tracer System | 5.3 | Medium | 2024-08-15 |
| CVE-2024-3707 | OpenGnsys security vulnerability — OpenGnsys | 5.3 | Medium | 2024-04-12 |
| CVE-2024-2340 | WordPress Plugin Avada security vulnerability — Avada \| Website Builder For WordPress & WooCommerce | 5.3 | Medium | 2024-04-09 |
| CVE-2022-36243 | Shop Beat path traversal vulnerability — studio | 5.3 | - | 2023-05-30 |
| CVE-2016-15019 | Jekbox path traversal vulnerability — jekbox | 4.3 | Medium | 2023-01-15 |
| CVE-2014-125069 | maps-js-icoads path traversal vulnerability — maps-js-icoads | 4.3 | Medium | 2023-01-08 |
| CVE-2021-45446 | Hitachi Pentaho Business Analytics security vulnerability — Pentaho Business Analytics Server | 5.0 | Medium | 2022-11-02 |

CWE-548 (Exposure of Information Through Directory Listing) is a common weakness class; this platform indexes 47 CVE vulnerabilities associated with it.