Vulnerabilities > CVE-2021-44315 - Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

phpgurukul

CWE-552

NVD

Published: 2021-12-16

Updated: 2023-11-14

Summary

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.

Vulnerable Configurations

Part	Description	Count
Application	Phpgurukul Phpgurukul BUS Pass Management System 1.0	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/Directory%20listing/Report_Directory%20listing.pdf
https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/tree/master/Directory%20listing