Description

This script is possibly vulnerable to directory traversal attacks.

Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.

Remediation

Your script should filter metacharacters from user input.

References

Acunetix Directory Traversal Attacks

Related Vulnerabilities

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Directory Traversal (2.4.19)

WordPress Plugin Landing Page Builder-Drag and drop Page Creator, Page Designer, and Coming Soon Pages Local File Inclusion (1.4.3)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

WordPress Plugin Sina Extension for Elementor Local File Inclusion (2.2.0)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Directory Traversal