SYM_PHP_0050 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
External Control of File Name or Path
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-73: External Control of File Name or Path |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
These functions can be used to read to content of the files if the data inside is user-controlled. Don't use the input directly or validate the data properly before passing it to these functions.