Hello There,
I am Parshwa Bhavsar.
I have found a Vulnerability called "Sensitive Information Disclosure".
Report :-
Description :-
A malicious user can have access to some admin data through this vulnerability.
This vulnerability is also called "Directory Listening".
Vulnerable URL :-
Steps to reproduce :-
Open the vulnerable URL in your browser , you will notice that some of the admin files have been publicly accessed.
PoC :-
Attached ScreenShot.
Impact :-
A malicious user will use this information to plan furthermore attacks.
It also refers to data leak to the non-authorized party.
Mitigation:-
Restrict non-authorized users to access this file.
Hope, You will patch it soon :)
Thanks & Regards,
Parshwa Bhavsar