CWE-22 - CERT CVE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CAPEC ID Naziv
CAPEC-126 Path Traversal
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Web Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding