Property
Language: ruby
Severity: high
CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP: A05:2017 - Broken Access Control
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

The code is using user input (such as parameters, cookies, or request data) directly in file or directory operations. This allows attackers to control file paths and potentially access or modify files they shouldn’t.
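
The pattern described above, next to a hardened form, as an added example that is not part of the rule's own documentation. The names `unsafe_path`, `safe_path` and `demo` are hypothetical, and the directories and files are constructed for the demonstration.

```ruby
require "tmpdir"

# Vulnerable pattern: the request value is joined to the base directory
# unchecked, so "../" segments or a symlink can leave it.
def unsafe_path(base_dir, user_value)
  File.join(base_dir, user_value)
end

# Hardened pattern: canonicalize the path, then require it to stay under
# base_dir. Returns the resolved path, or nil when the input is rejected.
def safe_path(base_dir, user_value)
  return nil unless user_value.is_a?(String) && !user_value.empty?
  base = File.realpath(base_dir)                  # resolve symlinks in the base itself
  prefix = base + File::SEPARATOR                 # "/srv/up" must not match "/srv/uploads"
  candidate = File.expand_path(user_value, base)  # collapses "." and ".." segments
  return nil unless candidate.start_with?(prefix)
  real = File.realdirpath(candidate)              # follows symlinks; last part may not exist
  real.start_with?(prefix) ? real : nil
rescue ArgumentError, SystemCallError             # NUL byte, unknown "~user", missing dirs
  nil
end

# Constructed sample data: an upload directory holding one file and one
# symlink that points to a directory outside of it.
def demo
  Dir.mktmpdir("uploads") do |dir|
    Dir.mktmpdir("outside") do |outside|
      File.write(File.join(dir, "report.txt"), "ok")
      File.write(File.join(outside, "secret.txt"), "secret")
      File.symlink(outside, File.join(dir, "escape"))
      {
        plain:    safe_path(dir, "report.txt"),
        dotdot:   safe_path(dir, "../../etc/passwd"),
        absolute: safe_path(dir, "/etc/passwd"),
        symlink:  safe_path(dir, "escape/secret.txt"),
        nul:      safe_path(dir, "report.txt\0.png"),
        unsafe:   unsafe_path(dir, "../../etc/passwd"),
      }
    end
  end
end

demo.each { |name, path| puts "#{name}: #{path.inspect}" } if __FILE__ == $PROGRAM_NAME
```

The containment check runs twice on purpose: once on the lexically normalized path and once after symlinks are resolved, since either step alone misses one of the two escape routes.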

Impact

An attacker could read, modify, or delete sensitive files on the server, leading to data breaches, service disruption, or escalation of privileges. This exposes the application and its users to significant risk, including unauthorized access to confidential information.