CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Weakness Name: Improper Link Resolution Before File Access ('Link Following')

Description: The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Common Consequences: Scope: Confidentiality, Integrity, Access Control
Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
Notes: An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
Scope: Other
Impact: Execute Unauthorized Code or Commands
Notes: Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.

Free security scan for your website

Don't show website scan report rating on the leaderboard

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.