SYM_PHP_0012 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
Deleting files using `unlink()` with file paths from user input is unsafe. Attackers could supply paths to files they shouldn't have access to, leading to unauthorized file deletion.
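The pattern this rule flags, next to a hardened form, as an added example that is not code from the Symbiotic database or any scanned project. The function names, the `uploads` directory and the sample files are hypothetical and created in a temporary sandbox.

```php
<?php
// Flagged pattern: the caller-supplied name is joined to the base directory
// unchecked, so a name containing "../" resolves to a file outside of it.
function delete_upload_unsafe(string $baseDir, string $name): bool
{
    return @unlink($baseDir . '/' . $name);
}

// Hardened form: canonicalise both paths, then require the target to be a
// regular file located under the base directory before deleting it.
function delete_upload_safe(string $baseDir, string $name): bool
{
    $base   = realpath($baseDir);
    $target = realpath($baseDir . '/' . $name); // false when the path does not exist
    if ($base === false || $target === false) {
        return false;
    }
    // The trailing separator stops a sibling such as "uploads_old" from
    // passing a plain prefix comparison against "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed sandbox: one user file inside uploads/, one application file beside it.
$root = sys_get_temp_dir() . '/sym_php_0012_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/a.txt', 'user file');
file_put_contents($root . '/keep.txt', 'application file');

// Hardened function: the traversal name is refused and keep.txt survives.
var_dump(delete_upload_safe($root . '/uploads', '../keep.txt'));
var_dump(file_exists($root . '/keep.txt'));

// Hardened function: a file that really lives in uploads/ is deleted.
var_dump(delete_upload_safe($root . '/uploads', 'a.txt'));

// Flagged pattern: the same traversal name removes the file outside uploads/.
var_dump(delete_upload_unsafe($root . '/uploads', '../keep.txt'));
var_dump(file_exists($root . '/keep.txt'));

// Clean up the sandbox (both directories are empty at this point).
rmdir($root . '/uploads');
rmdir($root);
```

The check and the delete are separate steps, so the base directory should not be writable by untrusted users who could swap a path component for a symlink in between.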
Impact
If exploited, an attacker could delete critical system or application files, disrupt service, or remove data they aren't authorized to manage. This can result in data loss, application downtime, or further security breaches.