CWE-57 - Path Equivalence: 'fakedir/../realdir/filename'
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Path Equivalence: 'fakedir/../realdir/filename'
Description
The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.
Common Consequences
Scope: Confidentiality, Integrity
Impact: Read Files or Directories, Modify Files or Directories