CWE-530Exposure of Backup File to an Unauthorized Control Sphere

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30

Metadata

CWE ID:
CWE-530
摘要:
Variant
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Exposure of Backup File to an Unauthorized Control Sphere

描述

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

常见后果

范围:
Confidentiality
影响:
Read Application Data
注释:
At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site.

相关 CWE

相关警报