CWE-428 - Unquoted Search Path or Element

CWE-428

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Unquoted Search Path or Element

Description: The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.

Common Consequences: Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands

Related Weaknesses: CWE-668Exposure of Resource to Wrong Sphere

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard