Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Deleting files using unlink() with file paths from user input is unsafe. Attackers could supply paths to files they shouldn’t have access to, leading to unauthorized file deletion.
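The flagged pattern next to a contained alternative, as an added example that is not part of the original rule page. The page does not name a language, so Python's `os.unlink()` is assumed; the function names and the `uploads/` layout are hypothetical.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """The requested path resolves outside the allowed directory."""

def delete_unsafe(base_dir, user_path):
    # Flagged pattern: user input reaches unlink() with no containment check.
    os.unlink(os.path.join(base_dir, user_path))

def resolve_inside(base_dir, user_path):
    """Return the real path of user_path, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    # realpath() collapses ".." and follows symlinks. An absolute user_path
    # replaces base in join(); the containment check below still rejects it.
    target = os.path.realpath(os.path.join(base, user_path))
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafePathError(f"path escapes {base!r}: {user_path!r}")
    return target

def delete_safe(base_dir, user_path):
    os.unlink(resolve_inside(base_dir, user_path))

def demo():
    """Constructed layout: uploads/ beside a config file that must survive."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        secret = os.path.join(root, "config.ini")
        for path in (secret, os.path.join(uploads, "a.txt")):
            open(path, "w").close()
        os.symlink(secret, os.path.join(uploads, "link"))
        requests = {"plain": "a.txt", "dotdot": "../config.ini",
                    "absolute": secret, "symlink": "link"}
        for label, user_path in requests.items():
            try:
                delete_safe(uploads, user_path)
                results[label] = "deleted"
            except UnsafePathError:
                results[label] = "rejected"
        results["config_survives"] = os.path.exists(secret)
    return results

if __name__ == "__main__":
    print(demo())
```

The check and the `unlink()` call are separate steps, so the containment holds only while untrusted users cannot swap path components inside the directory between them.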
Impact
If exploited, an attacker could delete critical system or application files, disrupt service, or remove data they aren’t authorized to manage. This can result in data loss, application downtime, or further security breaches.