CWE-51
Path Equivalence: '/multiple//internal/slash'
The product accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Official CWE-51 definition at MITREImpactr finds and proves weaknesses like CWE-51 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist