Description

webadmin.php is a simple Web-based file manager. This file manager should not be installed on production systems because it doesn't employ any user authentication in the default configuration. Therefore an attacker can read and create random files in your system.

Remediation

Restrict access to this file or remove it from the system.

References

webadmin homepage

Related Vulnerabilities

Stack Trace Disclosure (Apache MyFaces)

WordPress full path disclosure

WordPress Plugin Cherry Services List Information Disclosure (1.4.1)

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)

PHP-FPM Status Page

Severity

High

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Abuse Of Functionality Information Disclosure