Description

One or more possibly sensitive directories were found. These resources are not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target.

Remediation

Restrict access to these directories or remove them from the website.

References

Web Server Security and Database Server Security

Related Vulnerabilities

Insecure transition from HTTP to HTTPS in form post

Rails controller possible sensitive information disclosure

WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)

WordPress Plugin ContentStudio Multiple Vulnerabilities (1.2.5)

PHPinfo pages

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure