Path Traversal
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-35: Path Traversal |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
Using Filename.concat with data from users or external sources can allow attackers to craft file paths that access files or directories outside the intended location. This makes the application vulnerable to directory traversal attacks.
Impact#
If exploited, an attacker could read, modify, or overwrite sensitive files on the server by manipulating file paths. This could lead to data breaches, unauthorized access, or disruption of critical application functionality.