Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Arbitrary File Creation - Vulnerability Database

Arbitrary File Creation

Description

This script is vulnerable to arbitrary file creation.

This issue allows an attacker to influence calls to functions which create files/directories and create arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to create specific files.

Remediation

Your script should filter metacharacters from user input.

References

Directory Traversal Attacks

Related Vulnerabilities

PHP unspecified remote arbitrary file upload vulnerability Medium
Common tags: Arbitrary File Creation
Cross-site Scripting via File Upload High
Common tags: Arbitrary File Creation
Fortinet FortiNAC RCE via arbitrary file upload High
Common tags: Arbitrary File Creation
Lucee Server Arbitrary File Creation High
Common tags: Arbitrary File Creation
Dragonfly Arbitrary File Read/Write (CVE-2021-33564) High
Common tags: Arbitrary File Creation

Severity

High

Classification

CWE-20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Arbitrary File Creation