SYM_JAVA_0014 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code builds file paths from user-supplied input without validating them and then reads the resulting files. This allows an attacker to manipulate the path so that it resolves outside the intended directory, potentially exposing sensitive data.
Impact
If exploited, an attacker could read arbitrary files from the server’s filesystem, such as configuration files, credentials, or other private data. This can lead to information leaks, further attacks, or full system compromise.
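The following Java example is added here to illustrate the pattern the description covers; it is not code from the Symbiotic database or from any project it catalogues. It contrasts a path built by string concatenation with one that is resolved against a base directory, normalized, and checked for containment before the file is opened. The base directory `/srv/app/public` and the sample file names are assumed for the illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class RestrictedFileRead {
    // Assumed base directory; every user-supplied name must resolve to a file inside it.
    private static final Path BASE_DIR = Paths.get("/srv/app/public").toAbsolutePath().normalize();

    // Vulnerable pattern (CWE-22): the user-controlled name is concatenated into the path and
    // nothing checks where the resulting path ends up, so ".." segments walk out of BASE_DIR.
    static byte[] readUnsafe(String userFile) throws IOException {
        return Files.readAllBytes(Paths.get("/srv/app/public/" + userFile));
    }

    // Lexical containment check: resolve against the base, collapse "." and "..", then require
    // that the result still lies under BASE_DIR. Path.startsWith compares whole components, so a
    // sibling such as "/srv/app/public2" does not pass the way a String prefix check would.
    static Path containedPath(String userFile) {
        Path candidate = BASE_DIR.resolve(userFile).normalize();
        if (!candidate.startsWith(BASE_DIR)) {
            throw new SecurityException("path escapes base directory: " + userFile);
        }
        return candidate;
    }

    // Hardened read: after the lexical check, toRealPath() follows symlinks so a link planted
    // inside BASE_DIR that points outside it is rejected as well.
    static byte[] readSafe(String userFile) throws IOException {
        Path real = containedPath(userFile).toRealPath();
        if (!real.startsWith(BASE_DIR.toRealPath())) {
            throw new SecurityException("symlink escapes base directory: " + userFile);
        }
        return Files.readAllBytes(real);
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary request, a traversal attempt, and an absolute path.
        // Only the lexical stage runs here, so no files need to exist on the machine.
        String[] samples = {"report.txt", "../../config/secrets.properties", "/etc/hostname"};
        for (String name : samples) {
            try {
                System.out.println(name + " -> accepted as " + containedPath(name));
            } catch (SecurityException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first sample is accepted; the other two are rejected before any filesystem access, which is the check the vulnerable version lacks.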