CWE-530: Exposure of Backup File to an Unauthorized Control Sphere
Weakness ID: 530
A backup file is stored in a directory that is accessible to actors outside of the intended control sphere.
Often, old files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.
Time of Introduction
Technical Impact: Read application
At a minimum, an attacker who retrieves this file would have all the
information contained in it, whether that be database calls, the format
of parameters accepted by the application, or simply information
regarding the architectural structure of your site.
Recommendations include implementing a security policy within your
organization that prohibits backing up web application source code in