CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1992 vulnerabilities reference this CWE, most recent first.
GHSA-GRQM-6JMC-2H46
Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2025-08-04 21:30_is_safe in the File::Temp module for Perl does not properly handle symlinks.
{
"affected": [],
"aliases": [
"CVE-2011-4116"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-31T18:15:00Z",
"severity": "MODERATE"
},
"details": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.",
"id": "GHSA-grqm-6jmc-2h46",
"modified": "2025-08-04T21:30:35Z",
"published": "2022-04-22T00:24:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4116"
},
{
"type": "WEB",
"url": "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14"
},
{
"type": "WEB",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=69106"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2011/q4/238"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/11/04/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/11/04/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GRV5-4XR2-Q4P5
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2025-04-20 03:47foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.
{
"affected": [],
"aliases": [
"CVE-2011-2684"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-23T18:29:00Z",
"severity": "MODERATE"
},
"details": "foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.",
"id": "GHSA-grv5-4xr2-q4p5",
"modified": "2025-04-20T03:47:33Z",
"published": "2022-05-17T00:22:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2684"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2684"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/07/06/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/02/08/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GVJC-4RFJ-MXXJ
Vulnerability from github – Published: 2026-06-13 03:30 – Updated: 2026-06-30 03:37A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.
{
"affected": [],
"aliases": [
"CVE-2026-54230"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-13T03:16:21Z",
"severity": "HIGH"
},
"details": "A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.",
"id": "GHSA-gvjc-4rfj-mxxj",
"modified": "2026-06-30T03:37:03Z",
"published": "2026-06-13T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54230"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-54230"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488568"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54230.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GVQJ-CJP6-GRRV
Vulnerability from github – Published: 2024-01-23 21:30 – Updated: 2024-07-03 18:33A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-52338"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-23T21:15:09Z",
"severity": "HIGH"
},
"details": "A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-gvqj-cjp6-grrv",
"modified": "2024-07-03T18:33:23Z",
"published": "2024-01-23T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52338"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GVRG-2XVQ-7J38
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
{
"affected": [],
"aliases": [
"CVE-2018-6198"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-25T03:29:00Z",
"severity": "MODERATE"
},
"details": "w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.",
"id": "GHSA-gvrg-2xvq-7j38",
"modified": "2022-05-13T01:53:03Z",
"published": "2022-05-13T01:53:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6198"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/888097"
},
{
"type": "WEB",
"url": "https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3555-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3555-2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102855"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GWM6-Q8CH-HCFR
Vulnerability from github – Published: 2026-07-06 19:54 – Updated: 2026-07-06 19:54The -D path runs fs::create_dir_all on a pathname then later opens the destination via path-based File::create/fs::copy, neither anchored to a directory fd. Between the two, an attacker can replace a path component with a symlink, redirecting the write.
Impact: an attacker with concurrent write access to the destination tree can redirect a privileged install -D to an arbitrary location, enabling arbitrary file overwrite with attacker-controlled content. Recommendation: use dirfd-based traversal (openat/mkdirat + O_NOFOLLOW) per component and create the destination via openat on the same dirfd.
Remediation: Acknowledged by Canonical; fixed in commit 0c412999.
Reported by Zellic in the uutils coreutils Program Security Assessment (prepared for Canonical, Jan 20 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242. Finding 3.51. Credit: Zellic.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "uu_install"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35356"
],
"database_specific": {
"cwe_ids": [
"CWE-367",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-06T19:54:56Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The `-D` path runs `fs::create_dir_all` on a pathname then later opens the destination via path-based `File::create`/`fs::copy`, neither anchored to a directory fd. Between the two, an attacker can replace a path component with a symlink, redirecting the write.\n\n**Impact:** an attacker with concurrent write access to the destination tree can redirect a privileged `install -D` to an arbitrary location, enabling arbitrary file overwrite with attacker-controlled content. Recommendation: use dirfd-based traversal (`openat`/`mkdirat` + `O_NOFOLLOW`) per component and create the destination via `openat` on the same dirfd.\n\n**Remediation:** Acknowledged by Canonical; fixed in commit 0c412999.\n\n---\n_Reported by Zellic in the *uutils coreutils Program Security Assessment* (prepared for Canonical, Jan 20 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`. Finding 3.51. Credit: Zellic._",
"id": "GHSA-gwm6-q8ch-hcfr",
"modified": "2026-07-06T19:54:56Z",
"published": "2026-07-06T19:54:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/security/advisories/GHSA-gwm6-q8ch-hcfr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35356"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/10140"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/commit/0c41299975f3c1e21cf5ca968d42cad55ceb42a1"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/releases/tag/0.7.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "install -D: symlink race in directory creation allows arbitrary file overwrite"
}
GHSA-GWXW-RJ4R-JXQV
Vulnerability from github – Published: 2023-07-05 12:30 – Updated: 2024-01-07 12:30Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.
{
"affected": [],
"aliases": [
"CVE-2023-37206"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T10:15:09Z",
"severity": "MODERATE"
},
"details": "Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox \u003c 115.",
"id": "GHSA-gwxw-rj4r-jxqv",
"modified": "2024-01-07T12:30:29Z",
"published": "2023-07-05T12:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37206"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813299"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GX69-6CP4-HXRJ
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2023-03-08 20:17RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jruby:jruby-stdlib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000073"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-08T20:17:23Z",
"nvd_published_at": "2018-03-13T15:29:00Z",
"severity": "HIGH"
},
"details": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in `install_location` function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.",
"id": "GHSA-gx69-6cp4-hxrj",
"modified": "2023-03-08T20:17:23Z",
"published": "2022-05-13T01:18:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000073"
},
{
"type": "WEB",
"url": "https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2"
},
{
"type": "WEB",
"url": "https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4219"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3621-1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/rubygems/rubygems"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0663"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0591"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0542"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2028"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"type": "WEB",
"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "RubyGems Link Following vulnerability"
}
GHSA-GXFM-293Q-5F27
Vulnerability from github – Published: 2025-12-15 03:30 – Updated: 2025-12-15 03:30A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-14693"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-15T01:15:37Z",
"severity": "HIGH"
},
"details": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-gxfm-293q-5f27",
"modified": "2025-12-15T03:30:17Z",
"published": "2025-12-15T03:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14693"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.336411"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.336411"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.704646"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.704657"
},
{
"type": "WEB",
"url": "https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GXFX-4M5Q-QCQF
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2025-10-22 00:31An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
{
"affected": [],
"aliases": [
"CVE-2019-1130"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-15T19:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1129.",
"id": "GHSA-gxfx-4m5q-qcqf",
"modified": "2025-10-22T00:31:42Z",
"published": "2022-05-24T16:50:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1130"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1130"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.