Arbitrary file creation

Description

This script is possibly vulnerable to arbitrary file creation.

This issue allows an attacker to influence calls to functions which create files/directories and create arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to create specific files.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
This vulnerability allows attackers to create arbitrary files.

Recommendation
Your script should filter metacharacters from user input.

References
Acunetix Directory Traversal Attacks