Relative Path Traversal
| Property | |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-23: Relative Path Traversal |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Untrusted input (a request parameter, header, cookie, or the filename of an uploaded file) is joined onto a filesystem path without being validated against the directory the application intends to serve from. Because `..` segments are honoured by the filesystem, an attacker who controls the input can supply `../` sequences (or an absolute path) and make the application open, write, or delete files outside that directory. Note that web frameworks usually URL-decode parameters before application code sees them, so encoded forms such as `%2e%2e%2f` arrive as plain `../`.
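The following is an added example, not code from the original page: a resolver written the way this rule flags it, beside a hardened version. The base directory, class name and sample inputs are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example: the pattern flagged by CWE-23 next to a hardened version.
 * The directory and file names below are assumptions for illustration.
 */
public class RelativePathTraversalDemo {

    // Assumed document root; in a real application this comes from configuration.
    private static final Path BASE_DIR =
            Paths.get("/var/app/reports").toAbsolutePath().normalize();

    /**
     * Vulnerable: the user-controlled name is joined to BASE_DIR with no check.
     * "../../etc/passwd" climbs two levels above BASE_DIR, and an absolute input
     * such as "/etc/shadow" is returned unchanged by Path.resolve().
     */
    static Path vulnerableResolve(String userSupplied) {
        return BASE_DIR.resolve(userSupplied);
    }

    /**
     * Hardened: resolve, normalize (collapses "." and ".." segments), then verify
     * the result is still inside BASE_DIR. Path.startsWith compares whole path
     * components, so a sibling such as "/var/app/reports-old" does not match.
     */
    static Path safeResolve(String userSupplied) {
        // Defensive: reject NUL before path parsing (Paths.get would throw anyway on Unix).
        if (userSupplied == null || userSupplied.isEmpty() || userSupplied.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid file name");
        }
        Path candidate = BASE_DIR.resolve(userSupplied).normalize();
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path escapes base directory: " + userSupplied);
        }
        return candidate;
    }

    /**
     * Stricter variant for files that must already exist: toRealPath() follows
     * symlinks, so a link inside BASE_DIR that points outside it is also rejected.
     */
    static Path safeRealPath(String userSupplied) throws IOException {
        Path real = safeResolve(userSupplied).toRealPath();
        Path realBase = BASE_DIR.toRealPath();
        if (!real.startsWith(realBase)) {
            throw new IOException("symlink escapes base directory: " + userSupplied);
        }
        return real;
    }

    public static void main(String[] args) {
        // Constructed inputs: a legitimate name, a traversal sequence, an absolute
        // path, and a ".." that stays inside the base directory after normalization.
        String[] inputs = { "2024/q1.pdf", "../../etc/passwd", "/etc/shadow", "subdir/../q2.pdf" };
        for (String in : inputs) {
            System.out.println("input: " + in);
            System.out.println("  vulnerable -> " + vulnerableResolve(in).normalize());
            try {
                System.out.println("  safe       -> " + safeResolve(in));
            } catch (IllegalArgumentException e) {
                System.out.println("  safe       -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

With the constructed inputs, the vulnerable resolver yields `/var/etc/passwd` and `/etc/shadow` for the two malicious names, while `safeResolve` rejects both and still accepts `subdir/../q2.pdf`, which normalizes to a file inside the base directory. Calling `normalize()` alone is not a fix; the containment check against the base directory is what stops the traversal, and `toRealPath()` is needed when symlinks under the base directory are a concern.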
Impact
If exploited, an attacker can read, overwrite, or delete files anywhere on the filesystem that the application's operating-system user can access, limited by the operation the vulnerable code performs (a read-only endpoint exposes data, a write or delete endpoint can corrupt configuration or remove files). Typical outcomes are disclosure of configuration files and credentials, tampering with application code or data, and denial of service.