CWE-23 - Relative Path Traversal


The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. The attacker may be able to overwrite or create, delete, corrupt critical files, such as programs, libraries, or important data. The weakness is introduced during Implementation stage.

Latest vulnerabilities for CWE-23


Description of CWE-23 on Mitre website