CAPEC-76: Manipulating Web Input to File System Calls
ID
CAPEC-76
Typical Severity
Very High
Likelihood Of Attack
High
Status
Draft
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-15 | External Control of System or Configuration Setting | weakness |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | weakness |
| CWE-23 | Relative Path Traversal | weakness |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | weakness |
| CWE-73 | External Control of File Name or Path | weakness |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | weakness |
| CWE-272 | Least Privilege Violation | weakness |
| CWE-285 | Improper Authorization | weakness |
| CWE-346 | Origin Validation Error | weakness |
| CWE-348 | Use of Less Trusted Source | weakness |