Invicti identified a possible backup file disclosure on the web server.

Backup files can contain old or current versions of a file on the web server. This could include sensitive data such as password files or even the application's source code. This form of issue normally leads to further vulnerabilities or, at worst, sensitive information disclosure.

Do not store backup files on production servers.