The search query you're looking at, "inurl:view/index.shtml" , is a well-known Google Dork
When you find a log viewer via this dork, document it as , not as a vulnerability itself. The real vulnerability is the lack of authentication. In your report, write: inurl+view+index+shtml+14