Tainted-path-traversal
Tainted path traversal
Detected user input flowing into a PHP include or require statement, which can lead to path traversal and exposure of sensitive data. Because include and require execute the file they load, this can also lead to code execution. Instead, allowlist the files that the user can access or rigorously validate user input.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-23: Relative Path Traversal
OWASP:
- A01:2021 - Broken Access Control
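
An added example (not CodeAnt's or the rule's own code) showing the pattern this rule flags beside the allowlist fix the description recommends. The page keys, the pages/ directory and resolvePage() are hypothetical names chosen for illustration, and the code assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Flagged pattern (kept as a comment so this file stays safe to run):
//   include $_GET['page'];
//   require __DIR__ . '/pages/' . $_GET['page'] . '.php';
// In both lines the request value decides which file PHP loads and executes.

// Allowlist: request key => file shipped with the application.
// The keys and the pages/ directory are hypothetical names for this example.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map an untrusted page key to a fixed path, or null when it is not allowlisted.
 * The request value is only ever used as an array key, never as part of a path.
 */
function resolvePage(mixed $key, string $baseDir): ?string
{
    // Reject non-strings (e.g. ?page[]=x arrives as an array) and unknown keys.
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return null;
    }
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$key];
}

// Constructed sample inputs standing in for $_GET['page'].
$samples = ['home', 'about', '../config', 'home.php', ['home'], null];

foreach ($samples as $input) {
    $path = resolvePage($input, __DIR__ . '/pages');
    printf(
        "%-12s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected (respond 404)'
    );
    // In a real handler:
    //   if ($path === null) { http_response_code(404); exit; }
    //   require $path;   // path is built only from constants
}
```

Because the value passed to require is assembled from constants, no request data reaches the include or require statement.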