Drupal Configuration Backup Files Detected

medium Web App Scanning Plugin ID 98210

Synopsis

Drupal Configuration Backup Files Detected

Description

The scanner has detected publicly accessible Drupal configuration file(s) on the target web application.

These files likely contains extremely sensitive server information including administrative database credentials.

This may present an attacker with an exploit vector which could be leveraged using other techniques, possibly leading to a full compromise of the target server

Solution

Remove all backup files from the web server, storing on a secure location if neccessary and update database credentials.

See Also

https://feross.org/cmsploit/

Plugin Details

Severity: Medium

ID: 98210

Type: remote

Published: 3/27/2018

Updated: 11/26/2021

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information