String argument $A is used to read or write data from a file via Path.Combine without direct sanitization via Path.GetFileName. If the path is user-supplied data this can lead to path traversal. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP: - A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control