CVE-2024-0191

Summary
Assigner: VulDB
Assigner Org ID: 1af790b2-7ee1-4545-860a-a788eba489b5
Published At: 02 Jan, 2024 | 19:31
Updated At: 03 Jun, 2025 | 14:45

RRJ Nueva Ecija Engineer Online Portal file information disclosure

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: RRJ
Product: Nueva Ecija Engineer Online Portal
Versions affected: 1.0
Problem Types
Type: CWE
CWE ID: CWE-538
Description: CWE-538 File and Directory Information Exposure
Metrics
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 2.0
Base score: 5.0
Base severity: N/A
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Credits

analyst: ahmed8199 (VulDB User)
Timeline
Event: Advisory disclosed
Date: 2024-01-02 00:00:00
Event: VulDB entry created
Date: 2024-01-02 01:00:00
Event: VulDB entry last update
Date: 2024-01-02 11:28:07
References
Hyperlink: https://vuldb.com/?id.249504
Resource: vdb-entry
Hyperlink: https://vuldb.com/?ctiid.249504
Resource: signature, permissions-required
Hyperlink: https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY
Resource: exploit
▼Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://vuldb.com/?id.249504
Resource: vdb-entry, x_transferred
Hyperlink: https://vuldb.com/?ctiid.249504
Resource: signature, permissions-required, x_transferred
Hyperlink: https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY
Resource: exploit, x_transferred
2. CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cna@vuldb.com
Published At: 02 Jan, 2024 | 20:15
Updated At: 17 May, 2024 | 02:34

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

Vendor: nia
Product: rrj_nueva_ecija_engineer_online_portal
Version: 1.0
CPE: cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-538
Type: Primary
Source: cna@vuldb.com
References
Hyperlink: https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY
Source: cna@vuldb.com
Resource: Exploit, Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.249504
Source: cna@vuldb.com
Resource: Third Party Advisory
Hyperlink: https://vuldb.com/?id.249504
Source: cna@vuldb.com
Resource: Third Party Advisory

Similar CVEs

11 Records found

CVE-2016-10399
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.28% / 51.10%
7 Day CHG~0.00%
Published-27 Jul, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.

Action-Not Available
Vendor-sendio; n/a
Product-sendio; n/a
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2025-22773
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3 | MEDIUM
EPSS-0.07% / 21.38%
7 Day CHG+0.01%
Published-15 Jan, 2025 | 15:23
Updated-15 Jan, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Htaccess File Editor: from n/a through 1.0.19.

Action-Not Available
Vendor-WPChill
Product-Htaccess File Editor
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2018-10590
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5 | HIGH
EPSS-0.46% / 62.98%
7 Day CHG~0.00%
Published-15 May, 2018 | 22:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess/nms; webaccess_dashboard; webaccess; webaccess_scada; WebAccess
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2017-9947
Matching Score-4
Assigner-Siemens
CVSS Score-5.3 | MEDIUM
EPSS-30.48% / 96.54%
7 Day CHG~0.00%
Published-23 Oct, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.

Action-Not Available
Vendor-n/a; Siemens AG
Product-talon_tc_compact_firmware; talon_tc_modular_firmware; talon_tc_modular; apogee_pxc; talon_tc_compact; apogee_pxc_modular; apogee_pxc_modular_firmware; apogee_pxc_firmware; APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2024-51977
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-5.3 | MEDIUM
EPSS-51.31% / 97.80%
7 Day CHG+1.51%
Published-25 Jun, 2025 | 07:15
Updated-25 Jul, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.

Action-Not Available
Vendor-Brother Industries, Ltd; Toshiba Tec; FUJIFILM Business Innovation; Konica Minolta, Inc.; Ricoh Company, Ltd.
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2021-32822
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4 | MEDIUM
EPSS-0.30% / 52.74%
7 Day CHG~0.00%
Published-16 Aug, 2021 | 18:45
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File disclosure in hbs

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options a file disclosure vulnerability may be triggered in downstream applications. For an example PoC see the referenced GHSL-2021-020.

Action-Not Available
Vendor-hbs_project; pillarjs
Product-hbs; hbs
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-4933
Matching Score-4
Assigner-WPScan
CVSS Score-5.3 | MEDIUM
EPSS-0.17% / 38.33%
7 Day CHG~0.00%
Published-16 Oct, 2023 | 19:39
Updated-02 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Action-Not Available
Vendor-Unknown; AWSM Digital Innovations
Product-wp_job_openings; WP Job Openings
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-21501
Matching Score-4
Assigner-Snyk
CVSS Score-5.3 | MEDIUM
EPSS-1.38% / 79.49%
7 Day CHG~0.00%
Published-24 Feb, 2024 | 05:00
Updated-25 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

Action-Not Available
Vendor-apostrophecms; n/a; apostrophecms; Fedora Project
Product-sanitize-html; fedora; sanitize-html; org.webjars.npm:sanitize-html; sanitize-html
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2019-6851
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5 | HIGH
EPSS-0.44% / 62.39%
7 Day CHG~0.00%
Published-29 Oct, 2019 | 14:55
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

Action-Not Available
Vendor-n/a
Product-tsxmrpc001m_firmware; tsxmrpc002m_firmware; tsxmrpp384k; tsxmfpp002m_firmware; modicon_m580_firmware; tsxmrpc448k_firmware; tsxmrpf008m; tsxmrpp384k_firmware; tsxmcpc002m_firmware; tsxmrpf004m; tsxmrpc768k; tsxmrpc01m7; tsxmrpp224k; modicon_m580; tsxmrpc01m7_firmware; tsxmfp064p2; tsxmrpc003m_firmware; tsxmrpc001m; tsxmfpp224k; tsxmrpc002m; tsxmfpp004m; tsxmfpp001m_firmware; tsxmrpc768k_firmware; tsxmfpp001m; tsxmrpp224k_firmware; tsxmrpc007m_firmware; tsxmfpp512k_firmware; tsxmfpp224k_firmware; tsxmfp0128p2; tsxmrpc007m; tsxmcpc002m; modicon_m340; tsxmfpp384k; tsxmrpf008m_firmware; tsxmcpc512k; tsxmfp0128p2_firmware; tsxmcpc512k_firmware; tsxmfpp512k; tsxmrpf004m_firmware; tsxmfp064p2_firmware; tsxmrpc003m; tsxmfpp002m; tsxmfpp384k_firmware; tsxmrpc448k; tsxmfpp004m_firmware; modicon_m340_firmware; Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions)
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-26329
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-1.8 | LOW
EPSS-0.30% / 52.76%
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File existence disclosure vulnerability in IDM plugin

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

Action-Not Available
Vendor-netiq; Micro Focus International Limited
Product-identity_manager; NetIQ Identity Manager
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-22306
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3 | MEDIUM
EPSS-0.07% / 21.38%
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:58
Updated-07 Jan, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Whisper Free plugin <= 0.7.7 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.7.7.

Action-Not Available
Vendor-Link Whisper
Product-Link Whisper Free
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory