SYM_PY_0145 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
OWASP | A5:2017 - Broken Access Control |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Medium |
Description
A path taken from an HTTP request (a query parameter, form field, or URL segment) is passed directly to the open() function without validation or canonicalization. An attacker can therefore supply a path containing `../` segments, or an absolute path, and read files outside the directory the application intended to serve from. Note that prefixing the request value with a base directory does not by itself prevent this: `../` segments still climb out of the base directory, and os.path.join() discards the base entirely when the user-supplied component is absolute. The path must be resolved to its canonical form and checked for containment in the base directory before it is opened.
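The following is an added example, not code from the Symbiotic-Vulnerability-Database wiki or from any project it catalogues. It places the vulnerable pattern next to a hardened version and exercises both against a constructed directory layout: one file meant to be served, one file outside the served directory standing in for a config file, and a symlink inside the served directory pointing outside it. The function names (`read_file_vulnerable`, `resolve_inside`, `read_file_hardened`, `demo`) and the sample files are assumptions made for this example; it assumes a POSIX filesystem because it creates a symlink.

```python
import os
import tempfile
from pathlib import Path

# Added example, not the wiki's code. Function names and sample data are assumptions.


def read_file_vulnerable(base_dir: str, user_path: str) -> str:
    """The pattern this entry describes: a request-supplied path goes straight
    into open(). Joining it to base_dir does not help: '../' still climbs out,
    and an absolute user_path makes os.path.join() discard base_dir entirely."""
    with open(os.path.join(base_dir, user_path)) as f:
        return f.read()


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the canonical absolute path of user_path inside base_dir, or raise
    ValueError. realpath() collapses '..' and follows symlinks before the
    containment check, so a symlink inside base_dir that points outside it is
    rejected as well."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath() compares whole path components, so '/srv/files2' is not
    # accepted as being inside '/srv/files' (a plain startswith() check would).
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return target


def read_file_hardened(base_dir: str, user_path: str) -> str:
    """Same read, but only after the path has been canonicalized and contained."""
    with open(resolve_inside(base_dir, user_path)) as f:
        return f.read()


def demo() -> dict:
    """Constructed layout (assumption for this example):
        <tmp>/public/index.txt   the only file meant to be served
        <tmp>/public/link        symlink -> <tmp>/secret.txt
        <tmp>/secret.txt         stands in for a config file outside the served dir
    Returns {(mode, label): content-or-outcome} for each attempted request path."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        public = os.path.join(tmp, "public")
        os.mkdir(public)
        Path(public, "index.txt").write_text("hello")
        Path(tmp, "secret.txt").write_text("db_password=hunter2")
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(public, "link"))

        # Request paths an attacker might send, labelled for the caller.
        attempts = {
            "in_dir": "index.txt",
            "dotdot": "../secret.txt",
            "symlink": "link",
            "absolute": os.path.join(tmp, "secret.txt"),
        }
        for label, p in attempts.items():
            try:
                results[("vulnerable", label)] = read_file_vulnerable(public, p)
            except OSError as e:
                results[("vulnerable", label)] = f"error: {type(e).__name__}"
            try:
                results[("hardened", label)] = read_file_hardened(public, p)
            except ValueError:
                results[("hardened", label)] = "rejected"
    return results


if __name__ == "__main__":
    for (mode, label), outcome in sorted(demo().items()):
        print(f"{mode:10} {label:9} -> {outcome}")
```

Running the block shows the vulnerable reader returning the contents of `secret.txt` for the `../`, symlink and absolute-path requests, while the hardened reader serves only `index.txt` and rejects the other three. The containment check must run on the canonical path (after `realpath()`), not on the raw string: stripping `../` from the input or comparing prefixes with `startswith()` both leave gaps that this approach closes.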
Impact
If exploited, an attacker could read sensitive files on the server (such as configuration files, credentials, or source code), potentially leading to data breaches, system compromise, or further attacks against your application and infrastructure.