Arbitrary Source Code Disclosure
Impact: High
Description
Source code on a web server often contains sensitive information and should not be accessible to users.
Recommendation
Avoid passing user-submitted input to filesystem APIs. If it’s not possible, another solution is to use a white list of acceptable inputs.
References
👉 You might also like:
Source Code Disclosure - Vulnerability
Unreferenced Source Code Disclosure - Vulnerability
Email Address Disclosure - Vulnerability
Path Disclosure in Robots.txt - Vulnerability
Last updated on February 15, 2021