The product accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

What are the consequences of CWE-45?

Exploiting CWE-45 can lead to: Read Files or Directories, Modify Files or Directories.

CWE-45: Path Equivalence: 'file...name' (Multiple Internal Dot)

Mapped taxonomies

PLOVER: Multiple Internal Dot - 'file...dir'
Software Fault Patterns: Path Traversal (SFP16)

CWE-45: Path Equivalence: 'file...name' (Multiple Internal Dot)

Mapped taxonomies

CWE-45: Path Equivalence: 'file...name' (Multiple Internal Dot)

Overview

Common consequences

How it happens

When it is introduced

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-45?

What are the consequences of CWE-45?

References

Stay ahead of CWE-45

Mapped taxonomies

Overview

Common consequences

How it happens

When it is introduced

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-45?

What are the consequences of CWE-45?

References

Stay ahead of CWE-45