Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Directory traversal - Vulnerability Database

Directory traversal

Description

This script is vulnerable to directory traversal attacks.

Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.

Remediation

Your script should filter metacharacters from user input.

References

Directory Traversal Attacks

Related Vulnerabilities

ColdFusion directory traversal High
Common tags: Directory Traversal
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6) High
Common tags: Directory Traversal
WordPress Plugin WordPress Download Manager Directory Traversal (2.6.95) High
Common tags: Directory Traversal
WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.0.0) High
Common tags: Directory Traversal
WordPress Plugin Advanced Dewplayer Directory Traversal (1.2) High
Common tags: Directory Traversal

Severity

High

Classification

CWE-22
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal