CWE-73

GPTKB entity

Statements (74)
Predicate Object
gptkbp:instance_of gptkb:Common_Weakness_Enumeration
gptkbp:bfsLayer 6
gptkbp:bfsParent gptkb:CWE-21
gptkb:CWE-23
gptkb:CWE-74
gptkbp:category Improper Input Validation
gptkbp:consequences Data loss, data corruption, unauthorized access.
gptkbp:difficulty gptkb:High
gptkbp:example Using user input to specify a file path for a file read operation.
gptkbp:has_weakness gptkb:CWE-703
gptkb:CWE-190
gptkb:CWE-400
gptkb:CWE-611
gptkb:CWE-754
gptkb:CWE-775
gptkb:CWE-787
gptkb:CWE-829
gptkb:CWE-835
gptkb:CWE-862
gptkb:CWE-863
gptkb:CWE-864
gptkb:CWE-865
gptkb:CWE-866
gptkb:CWE-887
gptkb:CWE-888
gptkb:CWE-889
gptkb:CWE-892
gptkb:CWE-893
gptkb:CWE-894
gptkb:CWE-895
gptkb:CWE-896
gptkb:CWE-897
gptkb:CWE-898
gptkb:CWE-899
gptkb:CWE-125
gptkb:CWE-89
gptkb:CWE-20
CWE-78
CWE-798
CWE-867
CWE-868
CWE-869
CWE-870
CWE-871
CWE-872
CWE-873
CWE-874
CWE-875
CWE-876
CWE-877
CWE-878
CWE-879
CWE-880
CWE-881
CWE-882
CWE-883
CWE-884
CWE-885
CWE-886
CWE-890
CWE-891
CWE-843
https://www.w3.org/2000/01/rdf-schema#label CWE-73
gptkbp:impact Potential unauthorized access to files.
gptkbp:is_described_as The software uses an external input to construct a file name or path that is used to access a file.
gptkbp:is_protected_by Validate and sanitize all external inputs.
gptkbp:name External Control of File Name or Path
gptkbp:related_to gptkb:CWE-22
gptkb:CWE-134
gptkb:CWE-36
CWE-59
gptkbp:supports Web applications
Mobile applications
Desktop applications