CWE-530
Exposure of Backup File to an Unauthorized Control Sphere
Description
A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.
Parent Weaknesses (ChildOf)
Common Consequences
Impact: Read Application Data
Potential Mitigations
Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot.
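As an added example (not part of the CWE entry), a defender-side check for this weakness: it walks a web document root and reports files whose names follow common backup conventions, including the .~bk suffix described above. The wider suffix list and the sample directory tree are assumptions chosen to illustrate the check.

```python
import os
import re
import tempfile
from pathlib import Path

# Name patterns that commonly mark a leftover backup copy of a production file.
# ".~bk" is the suffix named in the CWE text; the others are common editor and
# admin conventions (assumed for this example, not an exhaustive list).
BACKUP_NAME_PATTERNS = [
    re.compile(r"\.~bk$", re.IGNORECASE),
    re.compile(r"\.(bak|backup|old|orig|save|copy|swp)$", re.IGNORECASE),
    re.compile(r"~$"),        # index.php~ (vi/emacs style)
    re.compile(r"^#.+#$"),    # #index.php# (emacs autosave)
    re.compile(r"\.(zip|tar|tgz|tar\.gz|sql|sql\.gz)$", re.IGNORECASE),  # dumps/archives
]

def is_backup_name(filename: str) -> bool:
    """True if the basename looks like a backup artifact rather than a served file."""
    return any(p.search(filename) for p in BACKUP_NAME_PATTERNS)

def find_exposed_backups(webroot: str) -> list[str]:
    """Walk a document root and return webroot-relative paths of backup-like files.

    Anything listed here is reachable by URL unless the server explicitly denies it;
    for a renamed source file that means the code (and any embedded secrets) is readable.
    """
    root = Path(webroot)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if is_backup_name(name):
                hits.append((Path(dirpath) / name).relative_to(root).as_posix())
    return sorted(hits)

def build_sample_webroot() -> str:
    """Construct a throwaway document root (constructed sample data, not a real site)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = [
        "index.php", "index.php.~bk", "config.php", "config.php.bak",
        "assets/app.js", "assets/app.js~", "admin/#login.php#",
        "uploads/site-2024.sql.gz", "README.md",
    ]
    for rel in files:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php /* sample */ ?>\n")
    return root

if __name__ == "__main__":
    for hit in find_exposed_backups(build_sample_webroot()):
        print("backup artifact reachable from webroot:", hit)
```

Running the check against the sample tree flags the five backup-style files and leaves the production files alone; in practice the same walk would be run against the real document root as a deployment or CI gate.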
CVE-2024-7315: Chain: WordPress plugin does not use sufficient randomness when generating the filename for a backup (CWE-340), allowing attackers to obtain backup files (CWE-530)
Applicable Platforms