CAPEC Related Weakness
Relative Path Traversal
CWE-20Improper Input Validation
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory Traversal
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-893SFP Primary Cluster: Path Resolution
File System Function Injection, Content Based
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
CWE-715OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-697Incorrect Comparison
CWE-707Improper Enforcement of Message or Data Structure
Manipulating Input to File System Calls
CWE-15External Control of System or Configuration Setting
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264Permissions, Privileges, and Access Controls
CWE-272Least Privilege Violation
CWE-285Improper Authorization
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-715OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Using Escaped Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-697Incorrect Comparison
CWE-707Improper Enforcement of Message or Data Structure
Using Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171Cleansing, Canonicalization, and Comparison Errors
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-185Incorrect Regular Expression
CWE-200Information Exposure
CWE-697Incorrect Comparison
CWE-707Improper Enforcement of Message or Data Structure
Back to Top