Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
User input from HTTP requests is being used directly in file names without proper validation or sanitization, allowing attackers to manipulate file paths. This can let them access or overwrite files outside the intended directory.
Impact#
If exploited, attackers could read sensitive files (like configuration or credential files) or overwrite critical data on the server, potentially leading to data breaches, service disruption, or further compromise of the system.