File Descriptor Leak in tsolucio/corebos
Reported on Feb 27th 2022
Possible sensitive files
Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources such as password files, configuration files, log files, include files, statistics data, and database dumps. Each of these files could help an attacker learn more about their target.
.DS_Store .dccache /cache /test /Smarty/templates_c /storage /logs /backup /user_privileges /config-dev.inc.php /modules/Calendar4You/googlekeys /include/csrfmagic/csrf-secret.php /include/integrations/saml/certs /.vscode /.scannerwork /node_modules
PoC URL: https://demo.corebos.com/.gitignore
The impact of this vulnerability
This file may expose sensitive information that could help a malicious user to prepare more advanced attacks.
How to fix this vulnerability
Restrict access to this file or remove it from the website.
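An added check for the fix above (not part of the original report or of coreBOS code): it audits a deployed document root on disk for a `.gitignore` file and for the paths that file names. It assumes the paths listed in the report are `.gitignore` entries; the function names and the sample tree are constructed for illustration, and only literal entries are handled, not glob patterns.

```python
import os
import tempfile

# Constructed sample: a subset of the paths quoted in the report.
REPORTED_ENTRIES = """\
.DS_Store
/logs
/backup
/config-dev.inc.php
/include/csrfmagic/csrf-secret.php
/node_modules
"""

def parse_entries(gitignore_text):
    """Return (anchored, path) pairs for literal entries; skip comments, negations, globs."""
    entries = []
    for line in gitignore_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or any(c in line for c in "*?["):
            continue
        # A slash at the start or in the middle ties the entry to the repository root.
        entries.append(("/" in line.rstrip("/"), line.strip("/")))
    return entries

def audit_webroot(webroot, gitignore_text):
    """Return sorted paths under webroot that are .gitignore itself or match an entry."""
    entries = parse_entries(gitignore_text)
    floating = {path for anchored, path in entries if not anchored}
    found = {path for anchored, path in entries
             if anchored and os.path.exists(os.path.join(webroot, path))}
    if os.path.exists(os.path.join(webroot, ".gitignore")):
        found.add(".gitignore")
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            if name in floating:  # un-anchored entries match at any depth
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                found.add(rel.replace(os.sep, "/"))
    return sorted(found)

def demo():
    """Build a constructed document root in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in (".gitignore", "index.php", "logs/app.log",
                    "include/csrfmagic/csrf-secret.php", "modules/x/.DS_Store"):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return audit_webroot(root, REPORTED_ENTRIES)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Every path the audit returns is a candidate for removal from the deployed tree or for an access restriction in the web server configuration.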