Arbitrary Source Code Disclosure
Source code on a web server often contains sensitive information and should not be accessible to users.
Avoid passing user-submitted input to filesystem APIs. If it’s not possible, another solution is to use a white list of acceptable inputs.
👉 You might also like:
Source Code Disclosure - Vulnerability
Unreferenced Source Code Disclosure - Vulnerability
Email Address Disclosure - Vulnerability
Path Disclosure in Robots.txt - Vulnerability
Last updated on February 15, 2021