gptkbp:instance_of
|
gptkb:Common_Weakness_Enumeration
|
gptkbp:bfsLayer
|
6
|
gptkbp:bfsParent
|
gptkb:CWE-21
gptkb:CWE-23
gptkb:CWE-74
|
gptkbp:category
|
Improper Input Validation
|
gptkbp:consequences
|
Data loss, data corruption, unauthorized access.
|
gptkbp:difficulty
|
gptkb:High
|
gptkbp:example
|
Using user input to specify a file path for a file read operation.
|
gptkbp:has_weakness
|
gptkb:CWE-703
gptkb:CWE-190
gptkb:CWE-400
gptkb:CWE-611
gptkb:CWE-754
gptkb:CWE-775
gptkb:CWE-787
gptkb:CWE-829
gptkb:CWE-835
gptkb:CWE-862
gptkb:CWE-863
gptkb:CWE-864
gptkb:CWE-865
gptkb:CWE-866
gptkb:CWE-887
gptkb:CWE-888
gptkb:CWE-889
gptkb:CWE-892
gptkb:CWE-893
gptkb:CWE-894
gptkb:CWE-895
gptkb:CWE-896
gptkb:CWE-897
gptkb:CWE-898
gptkb:CWE-899
gptkb:CWE-125
gptkb:CWE-89
gptkb:CWE-20
CWE-78
CWE-798
CWE-867
CWE-868
CWE-869
CWE-870
CWE-871
CWE-872
CWE-873
CWE-874
CWE-875
CWE-876
CWE-877
CWE-878
CWE-879
CWE-880
CWE-881
CWE-882
CWE-883
CWE-884
CWE-885
CWE-886
CWE-890
CWE-891
CWE-843
|
https://www.w3.org/2000/01/rdf-schema#label
|
CWE-73
|
gptkbp:impact
|
Potential unauthorized access to files.
|
gptkbp:is_described_as
|
The software uses an external input to construct a file name or path that is used to access a file.
|
gptkbp:is_protected_by
|
Validate and sanitize all external inputs.
|
gptkbp:name
|
External Control of File Name or Path
|
gptkbp:related_to
|
gptkb:CWE-22
gptkb:CWE-134
gptkb:CWE-36
CWE-59
|
gptkbp:supports
|
Web applications
Mobile applications
Desktop applications
|