Description

A possible backup file was found on your web-server. These files are usually created by developers to backup their work.

Remediation

Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement a security policy within your organization to disallow creation of backup files in directories accessible from the web.

References

Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)

Security Tips for Server Configuration

Protecting Confidential Documents at Your Site

Related Vulnerabilities

WordPress Plugin Simple File List Arbitrary File Download (3.2.7)

Pyramid DebugToolbar enabled

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)

WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure Test Files