Path Equivalence: 'fakedir/../realdir/filename'
The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.
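The weakness described above, shown as an added example that is not part of the original entry: a check that compares the raw request string against the protected path, next to one that canonicalizes first. The deny list, function names and sample requests are assumptions constructed for illustration, and the `./` and `//` spellings go slightly beyond the single form this entry names.

```python
import posixpath

# Hypothetical deny list: relative paths the application must never serve.
PROTECTED = {"realdir/filename"}

# Constructed sample requests: the protected path, the equivalent spelling
# from this entry, two other lexical equivalents, and a harmless path.
SAMPLES = [
    "realdir/filename",
    "fakedir/../realdir/filename",
    "realdir/./filename",
    "realdir//filename",
    "public/index.html",
]


def naive_is_allowed(requested: str) -> bool:
    """Weak check: matches the raw string, so equivalent spellings slip past."""
    return requested not in PROTECTED


def canonicalize(requested: str) -> str:
    """Lexically collapse '.', '..' and repeated slashes relative to the root.

    Anchoring at '/' makes leading '..' segments collapse into the root
    instead of surviving normalization. This is purely lexical: it does not
    resolve symlinks, so a real file server should also resolve the path on
    disk and confirm it stays under the intended base directory.
    """
    return posixpath.normpath("/" + requested).lstrip("/")


def hardened_is_allowed(requested: str) -> bool:
    """Check the canonical form so every equivalent spelling hits one rule."""
    return canonicalize(requested) not in PROTECTED


def bypasses(samples):
    """Requests the naive check permits but the canonical check denies."""
    return [s for s in samples
            if naive_is_allowed(s) and not hardened_is_allowed(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} naive={naive_is_allowed(s)!s:5} "
              f"hardened={hardened_is_allowed(s)}")
```

The file should then be opened using the canonical path that was checked, not the original request string, so the check and the access refer to the same name.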
This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster (SFP16).
This view (slice) covers all the elements in CWE.
This view (slice) lists weaknesses that can be introduced during implementation.