DerScanner
Home / Vulnerability Database / Config files : Path manipulation
Config files

Config files : Path manipulation

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-InjectionA5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access ControlA3-InjectionA4-Insecure Design
OWASP ASVS
Files and Resources
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-22CWE-23CWE-35CWE-36CWE-73CWE-434CWE-642CWE-1027
CWE/SANS Top 25 2011
CWE-22CWE-434
CWE/SANS Top 25 2021
CWE-22CWE-434

Overview

While working with the file system, you should be careful, an attacker can get access to read and modify important system files because of insufficient validation of user data .

By manipulating path parameters by using ~, an attacker can work with files and directories that are not in the home directory path.

References

  1. OWASP Top 10 2017-A1-Injection
  2. OWASP Top 10 2017-A5-Broken Access Control
  3. OWASP Top 10 2013-A4-Insecure Direct Object References
  4. CWE-73: External Control of File Name or Path
  5. Path Traversal - OWASP
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
  7. CWE-23
  8. CWE-36
  9. Restrict path access to prevent path traversal
  10. A01:2021 - Broken Access Control
  11. CWE-35: Path Traversal
  12. A03:2021 - Injection
CRITICAL

DerScanner Severity Score

Do you want to fix Config files : Path manipulation in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection