DerScanner
Home / Vulnerability Database / Visual Basic 6 : Path manipulation
Visual Basic 6

Visual Basic 6 : Path manipulation

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-InjectionA5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access ControlA3-InjectionA4-Insecure Design
OWASP ASVS
Files and Resources
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-22CWE-23CWE-35CWE-36CWE-73CWE-434CWE-642CWE-1027
CWE/SANS Top 25 2011
CWE-22CWE-434
CWE/SANS Top 25 2021
CWE-22CWE-434

Overview

Using data from an untrusted source when working with the file system may give an attacker access to important system files.

By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.

References

  1. OWASP Top 10 2013-A4-Insecure Direct Object References
  2. CWE-73: External Control of File Name or Path
  3. Path Traversal - OWASP
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
  5. CWE-23
CRITICAL

DerScanner Severity Score

Do you want to fix Visual Basic 6 : Path manipulation in your application?

See also

Visual Basic 6

Visual Basic 6 : Weak seed of random number generator

Visual Basic 6

Visual Basic 6 : Error bad handling

Visual Basic 6

Visual Basic 6 : Unsafe padding