CWE-548 (Exposure of Information Through Directory Listing) — Vulnerability Class 47

47 vulnerabilities classified as CWE-548 (Exposure of Information Through Directory Listing). AI Chinese analysis included.

CWE-548 represents an information exposure weakness where a software product inappropriately reveals a directory listing, effectively indexing all resources contained within a specific folder. This vulnerability is typically exploited by attackers who manually navigate to the affected URL or use automated scripts to enumerate sensitive files, such as configuration backups, source code, or internal documents, without requiring authentication. By exposing this metadata, organizations inadvertently provide adversaries with valuable intelligence for further attacks, including credential harvesting or targeted exploitation of known vulnerabilities. To prevent this, developers must explicitly disable directory indexing on web servers and configure access control lists to restrict unauthorized browsing. Additionally, implementing proper authentication mechanisms and regularly auditing web server configurations ensures that only authorized users can access specific resources, thereby mitigating the risk of unintended data disclosure.

MITRE CWE Description
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
Common Consequences (1)
Confidentiality: Read Files or Directories
Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or c…
Mitigations (1)
Architecture and Design, System Configuration: Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-38265 | Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System — Cloud Pak System | 5.3 | Medium | 2026-02-17 |
| CVE-2020-36921 | RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability — RED-V Super Digital Signage System RXV-A740R | 7.5 | High | 2026-01-06 |
| CVE-2022-50788 | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory — Impact/Pulse/First | 7.5 | High | 2025-12-30 |
| CVE-2021-47718 | OpenBMCS Directory Listing Information Disclosure — OpenBMCS | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2024-56464 | IBM QRadar SIEM is affected by an information disclosure vulnerability — IBM QRadar SIEM | 2.7 | Low | 2025-12-09 |
| CVE-2025-13200 | SourceCodester Farm Management System exposure of information through directory listing — Farm Management System | 5.3 | Medium | 2025-11-15 |
| CVE-2025-62396 | Moodle: router (r.php) could expose application directories | 5.3 | Medium | 2025-10-23 |
| CVE-2025-27906 | IBM Content Navigator information disclosure — Content Navigator | 5.3 | Medium | 2025-10-14 |
| CVE-2025-61685 | Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure — mastra | 6.5 | Medium | 2025-10-03 |
| CVE-2025-2827 | IBM Sterling File Gateway information disclosure — Sterling File Gateway | 4.3 | Medium | 2025-07-08 |
| CVE-2025-27452 | CVE-2025-27452 — Endress+Hauser MEAC300-FNADE4 | 5.3 | Medium | 2025-07-03 |
| CVE-2025-4909 | SourceCodester Client Database Management System exposure of information through directory listing — Client Database Management System | 7.3 | High | 2025-05-19 |
| CVE-2025-4807 | SourceCodester Online Student Clearance System exposure of information through directory listing — Online Student Clearance System | 5.3 | Medium | 2025-05-16 |
| CVE-2025-1138 | IBM Information Server information disclosure — InfoSphere Information Server | 4.3 | Medium | 2025-05-15 |
| CVE-2025-23378 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 3.3 | Low | 2025-04-10 |
| CVE-2025-2652 | SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing — Employee and Visitor Gate Pass Logging System | 5.3 | Medium | 2025-03-23 |
| CVE-2025-2651 | SourceCodester Online Eyewear Shop admin exposure of information through directory listing — Online Eyewear Shop | 5.3 | Medium | 2025-03-23 |
| CVE-2025-2038 | code-projects Blood Bank Management System upload exposure of information through directory listing — Blood Bank Management System | 7.3 | High | 2025-03-06 |
| CVE-2024-28766 | IBM Security Directory Integrator information disclosure — Security Directory Integrator | 2.4 | Low | 2025-01-27 |
| CVE-2024-35113 | IBM Control Center information disclosure — Control Center | 4.3 | Medium | 2025-01-25 |
| CVE-2024-8711 | SourceCodester Food Ordering Management System includes exposure of information through directory listing — Food Ordering Management System | 5.3 | Medium | 2024-09-12 |
| CVE-2024-45096 | IBM Aspera Faspex information disclosure — Aspera Faspex | 6.5 | Medium | 2024-09-05 |
| CVE-2024-7912 | CodeAstro Online Railway Reservation System assets exposure of information through directory listing — Online Railway Reservation System | 5.3 | Medium | 2024-08-18 |
| CVE-2024-7809 | SourceCodester Online Graduate Tracer System nbproject exposure of information through directory listing — Online Graduate Tracer System | 5.3 | Medium | 2024-08-15 |
| CVE-2024-3707 | Exposure of Information Through Directory Listing vulnerability in OpenGnsys — OpenGnsys | 5.3 | Medium | 2024-04-12 |
| CVE-2024-2340 | Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing — Avada \| Website Builder For WordPress & WooCommerce | 5.3 | Medium | 2024-04-09 |
| CVE-2022-36243 | Directory Traversal on Shop Beat Services — studio | 5.3 | - | 2023-05-30 |
| CVE-2016-15019 | tombh jekbox server.rb exposure of information through directory listing — jekbox | 4.3 | Medium | 2023-01-15 |
| CVE-2014-125069 | saxman maps-js-icoads exposure of information through directory listing — maps-js-icoads | 4.3 | Medium | 2023-01-08 |
| CVE-2021-45446 | Pentaho Business Analytics Server - Exposure of Information Through Directory Listing — Pentaho Business Analytics Server | 5.0 | Medium | 2022-11-02 |

Vulnerabilities classified as CWE-548 (Exposure of Information Through Directory Listing) represent 47 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.