Summary

Netsparker identified a possible backup file disclosure on the web server.

Impact
Backup files can contain old or current versions of a file on the web server. This could include sensitive data such as password files or even the application's source code. This form of issue normally leads to further vulnerabilities or, at worst, sensitive information disclosure.
Remediation
Do not store backup files on production servers.
Classifications
PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N