SYM_RB_0043 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code uses user-supplied input (such as from params, cookies, or request environment) directly in FTP file operations. This allows attackers to control which files are accessed or modified on the server.
Impact
If exploited, an attacker could read, overwrite, or delete arbitrary files on the server via FTP, potentially exposing sensitive data or disrupting application functionality. This could lead to data breaches or loss of system integrity.
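An added example, not taken from the rule or the project: the pattern from the Description in Ruby (the language is assumed from the `RB` in the rule ID), with the vulnerable call shown as a comment beside a validated alternative. `REMOTE_ROOT`, `ALLOWED_NAME`, `safe_remote_path` and `fetch_report` are hypothetical names, and `ftp` is assumed to be a connected `Net::FTP` object.

```ruby
require "pathname"

# Hypothetical application settings (assumptions, not from the rule page).
REMOTE_ROOT  = "/exports"                             # only directory clients may read
ALLOWED_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/  # one plain file name, no separators

class UnsafeRemotePath < StandardError; end

# Vulnerable pattern the rule describes (for contrast, not executed):
#   ftp.getbinaryfile(params[:file], local_path)
# The request value is used as the remote path, so "../" sequences or an
# absolute path choose a file outside the intended directory.

# Turn a request value into a remote path under `root`, or raise.
def safe_remote_path(user_value, root: REMOTE_ROOT)
  name = user_value.to_s
  unless name.match?(ALLOWED_NAME)
    raise UnsafeRemotePath, "rejected file name: #{name.inspect}"
  end
  # Defence in depth: normalise and confirm the result is still inside root,
  # in case the allow-list is relaxed later.
  candidate = Pathname.new(root).join(name).cleanpath.to_s
  unless candidate.start_with?("#{root}/")
    raise UnsafeRemotePath, "path escapes #{root}: #{candidate}"
  end
  candidate
end

# Download a validated file; `ftp` is assumed to be a connected Net::FTP
# object (anything responding to #getbinaryfile works).
def fetch_report(ftp, user_value, local_dir)
  remote = safe_remote_path(user_value)
  local  = File.join(local_dir, File.basename(remote))
  ftp.getbinaryfile(remote, local)
  local
end
```

The same validation belongs in front of `putbinaryfile` and `delete`, which cover the overwrite and delete cases named under Impact.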