Exposure of Backup File to an Unauthorized Control Sphere
This vulnerability occurs when backup or temporary files are stored in locations that unauthorized users can access, such as web directories.
Developers and systems often create backup copies of live files, sometimes automatically renaming them with extensions like .bak, .old, or .~bk. When these files are left within a publicly accessible directory—like a web server's root—attackers can directly request and download them. This exposes source code, configuration files, or sensitive data that should remain protected. Manually finding and securing every misplaced backup file across a complex application is error-prone. An ASPM platform like Plexicus can automatically detect these exposed files across your entire stack, using SAST and DAST techniques to identify the risk. Furthermore, Plexicus's AI-driven remediation can provide specific guidance on moving or deleting these files, helping you close the gap quickly and consistently.
Impact: Read Application Data
At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site.