Vulnerabilities > CVE-2021-44315 - Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/Directory%20listing/Report_Directory%20listing.pdf
- https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/Directory%20listing/Report_Directory%20listing.pdf
- https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/tree/master/Directory%20listing
- https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/tree/master/Directory%20listing