CVE-2024-41699
4.4MEDIUM
Priority – CWE-552: Files or Directories Accessible to External Parties
Priority – CWE-552: Files or Directories Accessible to External Parties
8/20/2024CWE-552
Tipo de Debilidad
CWE-552
Todas las vulnerabilidades CVE clasificadas bajo este tipo de debilidad.
Ver en MITRE CWETotal CVEs
50
Críticos
2
En KEV
0
Con Exploits
0
CVE-2023-32226
8.3HIGH
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
7/30/2023CWE-552, CWE-552
CVE-2024-38429
7.5HIGH
Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties
Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties
7/30/2024CWE-552
CVE-2025-2222
7.8HIGH
CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack.
CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack.
4/9/2025CWE-552
CVE-2023-45594
6.8MEDIUM
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system,
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, ...
3/5/2024CWE-552, CWE-552
CVE-2022-44343
7.5HIGH
CRMEB 4.4.4 is vulnerable to Any File download.
CRMEB 4.4.4 is vulnerable to Any File download.
2/6/2023CWE-552, CWE-552
CVE-2024-2052
7.5HIGH
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL ...
3/18/2024CWE-552
CVE-2022-44583
7.5HIGH
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
11/18/2022CWE-552, CWE-552
CVE-2023-23330
7.5HIGH
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
3/28/2023CWE-552, CWE-552
CVE-2022-48094
4.9MEDIUM
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.
2/1/2023CWE-552, CWE-552
CVE-2022-42234
8.8HIGH
There is a file inclusion vulnerability in the template management module in UCMS 1.6
There is a file inclusion vulnerability in the template management module in UCMS 1.6
10/14/2022CWE-552, CWE-552
CVE-2023-33517
7.5HIGH
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).
10/23/2023CWE-552, CWE-552
CVE-2023-26948
7.5HIGH
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.
3/9/2023CWE-552, CWE-552
CVE-2023-26956
7.5HIGH
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.
3/8/2023CWE-552, CWE-552
CVE-2024-5056
6.5MEDIUM
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files ...
6/12/2024CWE-552
CVE-2021-22769
4.3MEDIUM
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an atta
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an atta...
6/11/2021CWE-552
CVE-2023-2538
5.8MEDIUM
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS...
7/5/2023CWE-552, CWE-552
CVE-2024-24161
7.5HIGH
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
2/2/2024CWE-552, CWE-552
CVE-2022-29447
6.8MEDIUM
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
5/20/2022CWE-552, CWE-552
CVE-2022-29446
6.8MEDIUM
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
5/19/2022CWE-552, CWE-552
CVE-2023-1246
7.5HIGH
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3.
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3.
3/10/2023CWE-552, CWE-552
CVE-2020-11642
7.7HIGH
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
10/15/2020CWE-552, CWE-552
CVE-2020-11641
7.7HIGH
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
10/15/2020CWE-552, CWE-552
CVE-2023-47612
6.8MEDIUM
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinteri
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinteri...
11/9/2023CWE-552, CWE-552
CVE-2023-52112
5.3MEDIUM
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.
1/16/2024CWE-552, CWE-552
CVE-2018-10867
9.1CRITICAL
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
5/26/2021CWE-552, CWE-552
CVE-2023-26580
7.5HIGH
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
10/25/2023CWE-306, CWE-552 +2
CVE-2024-22240
4.9MEDIUM
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. ...
2/6/2024CWE-552, CWE-552
CVE-2023-5101
5.3MEDIUM
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.
10/9/2023CWE-552, CWE-552
CVE-2024-6911
7.5HIGH
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
7/22/2024CWE-552, CWE-552
CVE-2022-48161
7.5HIGH
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.
2/1/2023CWE-552, CWE-552
CVE-2022-40126
7.8HIGH
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
9/29/2022CWE-552, CWE-552
CVE-2024-5262
9.8CRITICAL
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of wh
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of wh...
6/5/2024CWE-552, CWE-552
CVE-2023-6375
5.3MEDIUM
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database cre
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database cre...
11/30/2023CWE-552, CWE-552
CVE-2022-41343
7.5HIGH
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
9/25/2022CWE-552, CWE-552
CVE-2022-44356
7.5HIGH
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data a
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data a...
11/29/2022CWE-552, CWE-552
CVE-2022-24075
6.5MEDIUM
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script cou
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script cou...
3/17/2022CWE-552, CWE-552
CVE-2021-24154
4.9MEDIUM
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web s
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web s...
4/5/2021CWE-552, CWE-552
CVE-2024-27182
4.9MEDIUM
In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recom
In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recom...
8/2/2024CWE-552, CWE-552
CVE-2022-45052
8.8HIGH
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capab
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capab...
1/4/2023CWE-552, CWE-552
CVE-2018-10863
7.5HIGH
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un...
5/26/2021CWE-552, CWE-552
CVE-2025-4909
7.3HIGH
A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information thr
A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information thr...
5/19/2025CWE-548, CWE-552 +1
CVE-2023-29450
8.5HIGH
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unaut
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unaut...
7/13/2023CWE-200, CWE-552 +1
CVE-2020-25636
6.6MEDIUM
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have...
10/5/2020CWE-377, CWE-552 +1
CVE-2025-5273
6.5MEDIUM
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once acces
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once acces...
5/29/2025CWE-552, CWE-552
CVE-2023-48661
4.9MEDIUM
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary ...
12/14/2023CWE-552, CWE-552
CVE-2023-3712
6.6MEDIUM
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10....
9/12/2023CWE-552, CWE-552
CVE-2023-4475
7.5HIGH
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and v
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and v...
8/22/2023CWE-552, CWE-552
CVE-2022-45227
7.5HIGH
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.
12/12/2022CWE-552, CWE-552
CVE-2022-1585
7.5HIGH
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire sit
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire sit...
8/1/2022CWE-552, CWE-552
Mostrando 50 de many CVEs