Common Weakness Enumeration

CWE-23

Allowed

Relative Path Traversal

Abstraction: Base · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

778 vulnerabilities reference this CWE, most recent first.

GHSA-35GR-6J23-M9WG

Vulnerability from github – Published: 2026-01-16 06:30 – Updated: 2026-01-16 06:30
VLAI
Details

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-16T04:15:49Z",
    "severity": "HIGH"
  },
  "details": "Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.",
  "id": "GHSA-35gr-6j23-m9wg",
  "modified": "2026-01-16T06:30:15Z",
  "published": "2026-01-16T06:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1022"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-10640-0fd0b-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-10639-813ad-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-36HJ-G8JH-R4RQ

Vulnerability from github – Published: 2023-11-09 09:30 – Updated: 2023-11-09 09:30
VLAI
Details

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-09T07:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.",
  "id": "GHSA-36hj-g8jh-r4rq",
  "modified": "2023-11-09T09:30:26Z",
  "published": "2023-11-09T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47613"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-36QG-X8H8-59G2

Vulnerability from github – Published: 2026-06-19 00:31 – Updated: 2026-06-19 00:31
VLAI
Details

Impact

A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass standard access controls gaining additional privileges, potentially allowing access to API endpoints that are intended to be restricted to higher-permissioned roles. The impact is limited to environments where the affected request patterns can be triggered and depends on specific deployment configuration and access controls in place. Resolution The issue has been addressed through product updates that improve request validation and enforce strict path normalization before authorization checks.  Customers are advised to update to the latest available version containing the fix, version 1.7.1 or later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T22:16:32Z",
    "severity": "HIGH"
  },
  "details": "Impact\n\nA security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions.\u00a0This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass standard access controls gaining additional privileges, potentially allowing access to API endpoints that are intended to be restricted to higher-permissioned roles.\u00a0The impact is limited to environments where the affected request patterns can be triggered and depends on specific deployment configuration and access controls in place.\nResolution\nThe issue has been addressed through product updates that improve request validation and enforce strict path normalization before authorization checks.\u00a0 Customers are advised to update to the latest available version containing the fix, version 1.7.1 or later.",
  "id": "GHSA-36qg-x8h8-59g2",
  "modified": "2026-06-19T00:31:37Z",
  "published": "2026-06-19T00:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8100"
    },
    {
      "type": "WEB",
      "url": "https://community.progress.com/s/article/Authentication-Bypass-via-URL-Encoded-Path-Traversal"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-36R5-JP7X-X82R

Vulnerability from github – Published: 2025-03-05 00:30 – Updated: 2025-03-05 00:30
VLAI
Details

When uploading organism or sequence data via the web interface, GMOD Apollo

will unzip and inspect the files and will not check for path traversal in supported archive types.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-05T00:15:38Z",
    "severity": "CRITICAL"
  },
  "details": "When uploading organism or sequence data via the web interface, \n GMOD Apollo\n\n will unzip and inspect the files and will not check for path\n traversal in supported archive types.",
  "id": "GHSA-36r5-jp7x-x82r",
  "modified": "2025-03-05T00:30:35Z",
  "published": "2025-03-05T00:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23410"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-38FR-QXQ2-M645

Vulnerability from github – Published: 2023-07-20 00:30 – Updated: 2024-04-04 06:17
VLAI
Details

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23",
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-19T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "\n\n\n\n\n\n\nIn Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
  "id": "GHSA-38fr-qxq2-m645",
  "modified": "2024-04-04T06:17:21Z",
  "published": "2023-07-20T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34394"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-39V3-F278-VJ3G

Vulnerability from github – Published: 2024-09-17 21:30 – Updated: 2025-01-03 16:12
VLAI
Summary
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Details

Impact

When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.

Patches

This has been fixed in the 1.10.13 release of the @backstage/plugin-techdocs-backend package.

References

If you have any questions or comments about this advisory:

Open an issue in the Backstage repository Visit our Discord, linked to in Backstage README

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@backstage/plugin-techdocs-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-17T21:30:20Z",
    "nvd_published_at": "2024-09-17T21:15:12Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWhen using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.\n\n### Patches\n\nThis has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package.\n\n### References\n\nIf you have any questions or comments about this advisory:\n\nOpen an issue in the [Backstage repository](https://github.com/backstage/backstage)\nVisit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)\n",
  "id": "GHSA-39v3-f278-vj3g",
  "modified": "2025-01-03T16:12:39Z",
  "published": "2024-09-17T21:30:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45816"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/backstage/backstage"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability"
}

GHSA-3H4H-G6P9-V72M

Vulnerability from github – Published: 2025-03-14 18:30 – Updated: 2025-11-07 03:30
VLAI
Details

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-14T18:15:30Z",
    "severity": "HIGH"
  },
  "details": "The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with \u2018read\u2019 and \u2018write\u2019 privileges on at least one existing document in the application is required to exploit the vulnerability.\u00a0Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.",
  "id": "GHSA-3h4h-g6p9-v72m",
  "modified": "2025-11-07T03:30:24Z",
  "published": "2025-03-14T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54449"
    },
    {
      "type": "WEB",
      "url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3HFQ-9FXF-H35P

Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34
VLAI
Details

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-22T16:16:35Z",
    "severity": "HIGH"
  },
  "details": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.",
  "id": "GHSA-3hfq-9fxf-h35p",
  "modified": "2026-06-22T18:34:14Z",
  "published": "2026-06-22T18:34:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41046"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261889"
    },
    {
      "type": "WEB",
      "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
    },
    {
      "type": "WEB",
      "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-path-traversal"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3J57-8HVG-F4CV

Vulnerability from github – Published: 2024-12-04 12:31 – Updated: 2024-12-04 12:31
VLAI
Details

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-04T12:15:20Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox",
  "id": "GHSA-3j57-8hvg-f4cv",
  "modified": "2024-12-04T12:31:45Z",
  "published": "2024-12-04T12:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54154"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JX4-4W9W-G9W4

Vulnerability from github – Published: 2024-12-16 09:31 – Updated: 2024-12-16 09:31
VLAI
Details

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-16T07:15:06Z",
    "severity": "HIGH"
  },
  "details": "TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user\u0027s system.",
  "id": "GHSA-3jx4-4w9w-g9w4",
  "modified": "2024-12-16T09:31:09Z",
  "published": "2024-12-16T09:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12642"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-8300-2eaa1-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-8294-44d13-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Implementation

Strategy: Input Validation

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
  • Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
  • realpath() in C
  • getCanonicalPath() in Java
  • GetFullPath() in ASP.NET
  • realpath() or abs_path() in Perl
  • realpath() in PHP
Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-139: Relative Path Traversal

An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.