CWE-56
Path Equivalence: 'filedir*' (Wildcard)
The product accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Official CWE-56 definition at MITREImpactr finds and proves weaknesses like CWE-56 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist