Description

This script is vulnerable to directory traversal attacks.

Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.

Remediation

Your script should filter metacharacters from user input.

References

Acunetix Directory Traversal Attacks

Related Vulnerabilities

WildFly Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1047)

WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)

WordPress Plugin Delightful Downloads Directory Traversal (1.6.6)

WordPress Plugin JetWidgets for Elementor and WooCommerce Local File Inclusion (1.1.7)

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal