
CWE-552 (Files or Directories Accessible to External Parties) — Vulnerability Class (198 CVEs)

198 vulnerabilities classified as CWE-552 (Files or Directories Accessible to External Parties). AI Chinese analysis included.

CWE-552 represents a critical access control weakness where software improperly exposes files or directories to unauthorized external actors. This vulnerability typically arises when applications store sensitive data within a publicly accessible root directory, such as those used by web or FTP servers, without implementing adequate permission restrictions. Attackers exploit this flaw by directly requesting the paths of these unprotected resources, thereby gaining unauthorized access to confidential information like configuration files, user data, or source code. To prevent such breaches, developers must enforce strict access controls, ensuring that only authenticated and authorized users can retrieve specific files. Additionally, separating sensitive data from public web roots and applying robust file permission settings are essential strategies to mitigate the risk of accidental or malicious exposure to external parties.

MITRE CWE Description
The product makes files or directories accessible to unauthorized actors, even though they should not be. Web servers, FTP servers, and similar servers may store a set of files underneath a "root" directory that is accessible to the server's users. Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any. Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories. In cloud technologies and containers, this weakness might present itself in the form of misconfigured storage accounts that can be read or written by a public or anonymous user.
Common Consequences (1)
Scope: Confidentiality, Integrity · Impact: Read Files or Directories, Modify Files or Directories
Mitigations (1)
Phases: Implementation, System Configuration, Operation · When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
Examples (2)
The following Azure command updates the settings for a storage account:
Bad · Shell
az storage account update --name <storage-account> --resource-group <resource-group> --allow-blob-public-access true
Good · Shell
az storage account update --name <storage-account> --resource-group <resource-group> --allow-blob-public-access false
The following Google Cloud Storage command gets the settings for a storage account named 'BUCKET_NAME':
Informative · Shell
gsutil iam get gs://BUCKET_NAME
Bad · JSON
{
  "bindings": [
    { "members": [ "projectEditor: PROJECT-ID", "projectOwner: PROJECT-ID" ], "role": "roles/storage.legacyBucketOwner" },
    { "members": [ "allUsers", "projectViewer: PROJECT-ID" ], "role": "roles/storage.legacyBucketReader" }
  ]
}
This policy is bad because the roles/storage.legacyBucketReader binding includes the allUsers member, which grants read access to anyone on the internet.
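As an added example (not MITRE's or this site's code), the following audit reads the JSON that `gsutil iam get` prints, flags any binding that includes the public principals `allUsers` or `allAuthenticatedUsers`, and produces the policy with those principals revoked. The sample policy is constructed to match the Bad · JSON output above; `PROJECT-ID` is a placeholder.

```python
"""Audit a Cloud Storage bucket IAM policy for public access (CWE-552).

Input is the JSON document printed by `gsutil iam get gs://BUCKET_NAME`.
"""
import json

# Principals that expose a bucket to everyone on the internet (allUsers)
# or to anyone holding any Google account (allAuthenticatedUsers).
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy with the same shape as the page's gsutil output.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"members": ["projectEditor:PROJECT-ID", "projectOwner:PROJECT-ID"],
         "role": "roles/storage.legacyBucketOwner"},
        {"members": ["allUsers", "projectViewer:PROJECT-ID"],
         "role": "roles/storage.legacyBucketReader"},
    ]
})


def find_public_bindings(policy_json: str) -> list[tuple[str, str]]:
    """Return (role, principal) pairs that make the bucket publicly reachable."""
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append((binding["role"], member))
    return findings


def remove_public_access(policy_json: str) -> str:
    """Return the policy with public principals stripped from every binding.

    Bindings left with no members are dropped, which is the shape the policy
    takes after the public grant is revoked; any IAM condition on a binding
    is preserved because the rest of the binding is copied unchanged.
    """
    policy = json.loads(policy_json)
    kept = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_PRINCIPALS]
        if members:
            kept.append({**binding, "members": members})
    policy["bindings"] = kept
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for role, who in find_public_bindings(SAMPLE_POLICY):
        print(f"PUBLIC: {who} holds {role}")
    print(remove_public_access(SAMPLE_POLICY))
```

The hardened output can be applied back with `gsutil iam set` after review.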
CVE ID | Title — Product | CVSS | Severity | Published
CVE-2025-7389 | Unauthorized Arbitrary File Read via RMI in AdminServer Interface — OpenEdge | 6.5 | - | 2026-04-14
CVE-2019-25709 | CF Image Hosting Script 1.6.5 Unauthorized Database Access — CF Image Hosting Script | 9.8 | Critical | 2026-04-12
CVE-2026-33698 | Chamilo LMS affected by unauthenticated RCE in main/install folder — chamilo-lms | 9.8 | - | 2026-04-10
CVE-2021-47960 | Synology SSL VPN Client security vulnerability — Synology SSL VPN Client | 6.5 | Medium | 2026-04-10
CVE-2026-35446 | LORIS has a path traversal in FilesDownloadHandler — Loris | 7.7 | High | 2026-04-08
CVE-2026-34392 | LORIS has a path traversal in static router — Loris | 7.5 | High | 2026-04-08
CVE-2026-34361 | HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft — org.hl7.fhir.core | 9.3 | Critical | 2026-03-31
CVE-2026-4900 | code-projects Online Food Ordering System localhost.sql privilege escalation — Online Food Ordering System | 5.3 | Medium | 2026-03-26
CVE-2021-4474 | Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access — RUCKUS Access Point | 4.9 | Medium | 2026-03-26
CVE-2026-4760 | Potential unauthorized access to files on the Web HMI server host — Panorama Suite | 7.5 | - | 2026-03-25
CVE-2026-4532 | code-projects Simple Food Ordering System Database Backup food.sql file access — Simple Food Ordering System | 5.3 | Medium | 2026-03-22
CVE-2016-20025 | ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions — ZKTeco ZKAccess Professional | 8.8 | High | 2026-03-15
CVE-2026-29066 | Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI — cli | 6.2 | Medium | 2026-03-12
CVE-2018-25164 | EverSync 0.5 Arbitrary File Download via files Directory — EverSync | 7.5 | High | 2026-03-06
CVE-2026-2331 | CVE-2026-2331 — SICK Lector85x | 9.8 | Critical | 2026-03-06
CVE-2026-2330 | CVE-2026-2330 — SICK Lector85x | 9.4 | Critical | 2026-03-06
CVE-2026-24732 | Improper permission checks in Extension:NSFileRepo — BlueSpice | 6.5 (AI) | Medium (AI) | 2026-03-04
CVE-2020-37082 | webERP 4.15.1 - Unauthenticated Backup File Access — webERP | 9.8 | Critical | 2026-02-03
CVE-2026-25137 | NixOs Odoo database and filestore publicly accessible with default odoo configuration — nixpkgs | 9.1 | Critical | 2026-02-02
CVE-2025-12648 | WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files — WP-Members Membership Plugin | 5.3 | Medium | 2026-01-07
CVE-2025-15153 | PbootCMS SQLite Database pbootcms.db file access — PbootCMS | 3.7 | Low | 2025-12-28
CVE-2019-25239 | V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download — GPON/EPON OLT Platform | 7.5 | High | 2025-12-24
CVE-2018-25145 | Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download — Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download | 6.5 | Medium | 2025-12-24
CVE-2025-14896 | kroki security vulnerability — kroki | 7.5 | High | 2025-12-18
CVE-2025-14697 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access — Sixun Shanghui Group Business Management System | 3.7 | Low | 2025-12-15
CVE-2025-14442 | Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File — Secure Copy Content Protection and Content Locking | 5.3 | Medium | 2025-12-12
CVE-2025-12747 | Tainacan <= 1.0.0 - Unauthenticated Information Exposure — Tainacan | 5.3 | Medium | 2025-11-21
CVE-2025-12894 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure — Import WP – Export and Import CSV and XML files to WordPress | 5.3 | Medium | 2025-11-21
CVE-2021-4463 | Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download — BEMS API | 7.5 | - | 2025-11-12
CVE-2025-11959 | Improper Access Control in Premierturk's Excavation Management Information System — Excavation Management Information System | 8.1 | High | 2025-11-11
(AI) marks a score or severity estimated by the site's AI analysis rather than taken from the advisory.

Vulnerabilities classified as CWE-552 (Files or Directories Accessible to External Parties) represent 198 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.