Description

This script is vulnerable to directory traversal attacks.

Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.

Remediation

Your script should filter metacharacters from user input.

References

Acunetix Directory Traversal Attacks

Related Vulnerabilities

uWSGI Path Traversal vulnerability

WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

WordPress Plugin Gallery-Flagallery Photo Portfolio Multiple Vulnerabilities (2.00)

WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal