Arbitrary Source Code Disclosure

Impact: High


Arbitrary Source Code Disclosure is a vulnerability in which the source code of any file in a web application can be accessed, potentially revealing sensitive information such as credentials, API keys, or proprietary algorithms. It can result from misconfigurations or vulnerabilities in the web server or the application.


To mitigate Arbitrary Source Code Disclosure, avoid passing user-submitted input to filesystem APIs. If that is not possible, validate the input against a whitelist of acceptable values before it reaches the filesystem.
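The mitigation above, shown as an added example that is not SmartScanner's code: a handler that passes the request value to a filesystem API, next to one that uses the value only as a key into a whitelist. The web root, file names, and function names are constructed for the illustration.

```python
import tempfile
from pathlib import Path

# Constructed sample web root: two public pages and one source file holding a secret.
WEB_ROOT = Path(tempfile.mkdtemp(prefix="webroot_"))
(WEB_ROOT / "about.html").write_text("<h1>About</h1>")
(WEB_ROOT / "help.html").write_text("<h1>Help</h1>")
(WEB_ROOT / "config.py").write_text("API_KEY = 'constructed-placeholder'")


class PageNotAllowed(Exception):
    """Raised when the requested value is not on the whitelist."""


def read_page_unsafe(name):
    """Vulnerable: the user-submitted value becomes part of a filesystem path,
    so any file under the web root, source code included, can be returned."""
    return (WEB_ROOT / name).read_text()


# Whitelist: each acceptable request value maps to a path fixed by the developer.
ALLOWED_PAGES = {
    "about": WEB_ROOT / "about.html",
    "help": WEB_ROOT / "help.html",
}


def read_page_whitelisted(name):
    """Hardened: the user-submitted value is only a dictionary key and never
    reaches a filesystem API; anything not listed is rejected."""
    try:
        path = ALLOWED_PAGES[name]
    except KeyError:
        raise PageNotAllowed(name) from None
    return path.read_text()


def served(handler, requests):
    """Return the request values for which the handler returns file content."""
    answered = []
    for value in requests:
        try:
            handler(value)
            answered.append(value)
        except (PageNotAllowed, OSError):
            pass  # rejected by the whitelist or no such file
    return answered


if __name__ == "__main__":
    print(served(read_page_unsafe, ["about.html", "config.py"]))
    print(served(read_page_whitelisted, ["about", "help", "config.py"]))
```

Logging each `PageNotAllowed` rejection gives a simple signal that someone is probing for files outside the intended set.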


Last updated on May 13, 2024
