CWE-38 - Path Traversal: '\absolute\pathname\here'

CWE ID:

CWE-38

Abstraction:Variant
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-06-29

Weakness Name

Path Traversal: '\absolute\pathname\here'

Description

The product accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Files or Directories, Modify Files or Directories

Related Weaknesses

CWE-36Absolute Path Traversal

Top Security News

Latest CVE List

Common Alerts

MediumParameter Tampering
InformationalSec-Fetch-Mode Header is Missing
LowCookie with Invalid SameSite Attribute
HighPath Traversal
HighSQL Injection - Oracle
MediumVulnerable JS Library
InformationalEmail address found in WebSocket message
MediumDirectory Browsing
InformationalServer Leaks its Webserver Application via "Server" HTTP Response Header Field
InformationalInformation Disclosure - Information in Browser sessionStorage