CWE-219: Storage of File with Sensitive Data Under Web Root
low-riskThe product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.
Abstraction: Variant
Common Consequences
Confidentiality
→
Read Application Data
Real-World Examples (6)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-56159 | 5.3 | 10.2% | — |
| CVE-2022-21236 | 7.5 | 1.4% | — |
| CVE-2002-2024 | 5.3 | 0.4% | — |
| CVE-2022-36306 | 6.5 | 0.4% | — |
| CVE-2024-39776 | 7.5 | 0.2% | — |
| CVE-2023-39467 | 5.3 | 0.1% | — |
6
/ 100
low-risk
Active Threat
6/50 · Minimal
Exploit Availability
0/50 · Minimal