Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1992 vulnerabilities reference this CWE, most recent first.

GHSA-GH8X-XC3F-F8GM

Vulnerability from github – Published: 2022-05-17 02:08 – Updated: 2022-05-17 02:08
VLAI
Details

openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-1693"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-10-26T19:00:00Z",
    "severity": "MODERATE"
  },
  "details": "openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.",
  "id": "GHSA-gh8x-xc3f-f8gm",
  "modified": "2022-05-17T02:08:42Z",
  "published": "2022-05-17T02:08:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1693"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62753"
    },
    {
      "type": "WEB",
      "url": "http://lists.openfabrics.org/pipermail/ewg/2010-October/015886.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41937"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/10/22/1"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/68856"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44332"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GH9H-87WV-W3QC

Vulnerability from github – Published: 2022-05-14 03:16 – Updated: 2022-05-14 03:16
VLAI
Details

The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox \u003c 58.",
  "id": "GHSA-gh9h-87wv-w3qc",
  "modified": "2022-05-14T03:16:40Z",
  "published": "2022-05-14T03:16:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5107"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379276"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3544-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102786"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040270"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHH4-4CXH-FCWJ

Vulnerability from github – Published: 2024-01-16 21:31 – Updated: 2024-01-16 21:31
VLAI
Details

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-16T20:15:45Z",
    "severity": "HIGH"
  },
  "details": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n",
  "id": "GHSA-ghh4-4cxh-fcwj",
  "modified": "2024-01-16T21:31:22Z",
  "published": "2024-01-16T21:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6336"
    },
    {
      "type": "WEB",
      "url": "https://www.hypr.com/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHMQ-J73X-MV5Q

Vulnerability from github – Published: 2023-02-13 09:30 – Updated: 2023-02-23 06:30
VLAI
Details

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T08:15:00Z",
    "severity": "LOW"
  },
  "details": "Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.",
  "id": "GHSA-ghmq-j73x-mv5q",
  "modified": "2023-02-23T06:30:19Z",
  "published": "2023-02-13T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23697"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000207929/dsa-2023-030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHQJ-2WP8-298G

Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2026-04-02 21:31
VLAI
Details

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.",
  "id": "GHSA-ghqj-2wp8-298g",
  "modified": "2026-04-02T21:31:59Z",
  "published": "2024-10-28T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44273"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121563"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121564"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121565"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121566"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121569"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121570"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/15"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/16"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJ52-RQW6-XXQH

Vulnerability from github – Published: 2023-04-11 03:31 – Updated: 2023-04-14 18:30
VLAI
Details

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43293"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \\Wacom\\Wacom_Tablet.exe.",
  "id": "GHSA-gj52-rqw6-xxqh",
  "modified": "2023-04-14T18:30:19Z",
  "published": "2023-04-11T03:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43293"
    },
    {
      "type": "WEB",
      "url": "https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.2-1.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LucaBarile/CVE-2022-43293"
    },
    {
      "type": "WEB",
      "url": "https://lucabarile.github.io/Blog/CVE-2022-43293/index.html"
    },
    {
      "type": "WEB",
      "url": "https://lucabarile.github.io/Blog/blog.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJQM-928W-FR7F

Vulnerability from github – Published: 2023-08-01 15:30 – Updated: 2024-04-04 06:28
VLAI
Details

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-01T15:15:10Z",
    "severity": "MODERATE"
  },
  "details": "The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox \u003c 116 and Firefox ESR \u003c 115.1.",
  "id": "GHSA-gjqm-928w-fr7f",
  "modified": "2024-04-04T06:28:33Z",
  "published": "2023-08-01T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4052"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824420"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-29"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-31"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GM5Q-2CX5-WR2J

Vulnerability from github – Published: 2022-05-01 23:57 – Updated: 2024-02-09 16:54
VLAI
Summary
Joomla! Open Redirect vulnerability
Details

Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "joomla/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2008-3227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T16:54:13Z",
    "nvd_published_at": "2008-07-18T16:41:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability.",
  "id": "GHSA-gm5q-2cx5-wr2j",
  "modified": "2024-02-09T16:54:13Z",
  "published": "2022-05-01T23:57:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3227"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/joomla/joomla-framework"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20080501000000*/http://www.joomla.org/content/view/5180/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Joomla! Open Redirect vulnerability"
}

GHSA-GMW6-94GG-2RC2

Vulnerability from github – Published: 2021-08-31 16:03 – Updated: 2022-06-17 20:51
VLAI
Summary
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
Details

Impact

Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.

This is accomplished by extracting package contents into a project's node_modules folder.

If the node_modules folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system.

Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a node_modules symbolic link would have to be employed.

  1. A preinstall script could replace node_modules with a symlink. (This is prevented by using --ignore-scripts.)
  2. An attacker could supply the target with a git repository, instructing them to run npm install --ignore-scripts in the root. This may be successful, because npm install --ignore-scripts is typically not capable of making changes outside of the project directory, so it may be deemed safe.

Patches

2.8.2 (included in npm v7.20.7 and above)

Workarounds

Do not run npm install on untrusted codebases, without first ensuring that the node_modules directory in the project is not a symbolic link.

Fix

Prior to extracting any package contents, the node_modules folder into which it is extracted is verified to be a real directory. If it is not, then it is removed.

Caveat: if you are currently relying on creating a symbolic link to the node_modules folder in order to share dependencies between projects, then that will no longer be possible. Please use the npm link command, explicit file:... dependencies, and/or workspaces to share dependencies in a development environment.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@npmcli/arborist"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-31T16:03:00Z",
    "nvd_published_at": "2021-08-31T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\n`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.\n\nThis is accomplished by extracting package contents into a project\u0027s `node_modules` folder.\n\nIf the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system.\n\nNote that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed.\n\n1. A `preinstall` script could replace `node_modules` with a symlink.  (This is prevented by using `--ignore-scripts`.)\n2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root.  This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe.\n\n### Patches\n\n2.8.2 (included in npm v7.20.7 and above)\n\n### Workarounds\n\nDo not run `npm install` on untrusted codebases, without first ensuring that the `node_modules` directory in the project is not a symbolic link.\n\n### Fix\n\nPrior to extracting any package contents, the `node_modules` folder into which it is extracted is verified to be a real directory.  If it is not, then it is removed.\n\nCaveat: if you are currently relying on creating a symbolic link to the `node_modules` folder in order to share dependencies between projects, then that will no longer be possible.  Please use the `npm link` command, explicit `file:...` dependencies, and/or `workspaces` to share dependencies in a development environment.",
  "id": "GHSA-gmw6-94gg-2rc2",
  "modified": "2022-06-17T20:51:19Z",
  "published": "2021-08-31T16:03:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39135"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/npm/arborist"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@npmcli/arborist"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "UNIX Symbolic Link (Symlink) Following in @npmcli/arborist"
}

GHSA-GPCM-H3WC-3765

Vulnerability from github – Published: 2022-11-23 18:30 – Updated: 2022-11-28 21:30
VLAI
Details

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-23T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.",
  "id": "GHSA-gpcm-h3wc-3765",
  "modified": "2022-11-28T21:30:23Z",
  "published": "2022-11-23T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1142"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/264577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.