CWE-44
Path Equivalence: 'file.name' (Internal Dot)
The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Official CWE-44 definition at MITREImpactr finds and proves weaknesses like CWE-44 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist