H3-2022-0015
Web Application Path Traversal Vulnerability
Category: VULNERABILITY
Base Score: 7.5
Description
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Impact
An attacker can access arbitrary files on the file system with the permissions of the user running the web application. These files may include sensitive information such as credentials and user session data that can be used for further attacks.
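The weakness in the Description, shown as the unchecked join beside a hardened resolver. This is an added example, not code from the advisory or from any affected product; the function names, the directory layout and the request paths are constructed for illustration, and a POSIX file system is assumed.

```python
import os
import tempfile
from pathlib import Path


def resolve_unsafe(base_dir, user_path):
    # Vulnerable pattern: external input is joined to the base directory and
    # the result is never checked. ".." segments and absolute paths escape.
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_safe(base_dir, user_path):
    # Hardened pattern: canonicalize first (collapses "..", follows symlinks),
    # then require the result to sit inside the canonical base directory.
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return candidate


def demo():
    # Constructed directory tree: a web root plus one file outside it.
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        webroot = root / "webroot"
        (webroot / "docs").mkdir(parents=True)
        (webroot / "index.html").write_text("public page")
        (root / "secret.txt").write_text("constructed credential file")
        os.symlink(root, webroot / "up")  # symlink that leads out of the web root
        # Constructed request paths, as they might arrive in a URL parameter.
        for req in ["index.html", "docs/../index.html", "../secret.txt",
                    "docs/../../secret.txt", "/etc/passwd", "up/secret.txt"]:
            try:
                resolve_safe(webroot, req)
                outcomes[req] = "allowed"
            except (PermissionError, ValueError):
                outcomes[req] = "blocked"
        # The unsafe join resolves the same input to the file outside the root.
        outcomes["unsafe ../secret.txt"] = (
            resolve_unsafe(webroot, "../secret.txt") == str(root / "secret.txt"))
    return outcomes


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request!r}: {outcome}")
```

The containment check only holds if it runs on the final, fully decoded path, so apply it after URL decoding and any other input normalization the application performs.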