CWE-530: Exposure of Backup File to an Unauthorized Control Sphere

VariantIncomplete

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

View on MITRE
Back to CWE Lookup

Extended Description

Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-530

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references