Description

One or more documentation files (e.g. readme.txt, changelog.txt, ...) were found. The information contained in these files could help an attacker identify the web application you are using and sometimes the version of the application. It's recommended to remove these files from production systems.

Remediation

Remove or restrict access to all documentation file acessible from internet.

References

INT08:2023 – Information Leakage

Related Vulnerabilities

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8)

WordPress Plugin Zip Attachments Arbitrary File Download (1.4)

WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files