
CWE-73 External Control of File Name or Path: vulnerability list (334)

A summary of the 334 CVE vulnerabilities associated with the CWE-73 weakness class (External Control of File Name or Path), with AI-generated analysis in Chinese.

CWE-73 belongs to the path traversal family of vulnerabilities: the application allows user input to control the file name or path used in a filesystem operation. Attackers typically exploit this flaw by constructing a malicious path to access or modify critical system files and sensitive data, compromising the integrity of the application. Developers should avoid concatenating user input directly into paths; instead, validate input against an allow list, canonicalize the path, strictly filter special characters, and ensure the final path lies inside the intended safe directory, which effectively blocks unauthorized access.

MITRE CWE official description
CWE-73: External Control of File Name or Path. The product allows user input to control or influence paths or file names that are used in filesystem operations. This could allow an attacker to access or modify system files or other files that are critical to the application. Path manipulation errors occur when the following two conditions are met: 1. An attacker can specify a path used in an operation on the filesystem. 2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker.
Common consequences (3)
Scope: Integrity, Confidentiality
Impact: Read Files or Directories; Modify Files or Directories
Note: The application can operate on unexpected files. Confidentiality is violated when the targeted filename is not directly readable by the attacker.
Scope: Integrity, Confidentiality, Availability
Impact: Modify Files or Directories; Execute Unauthorized Code or Commands
Note: The application can operate on unexpected files. This may violate integrity if the filename is written to, or if the filename is for a program or other form of executable code.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other)
Note: The application can operate on unexpected files. Availability can be violated if the attacker specifies an unexpected file that the application modifies. Availability can also be affected if the attacker specifies a filename for a large file, or points to a special device or a file that does not hav…
Mitigations (5)
Phase: Architecture and Design
When the set of filenames is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames, and reject all other inputs. For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.
Phase: Architecture and Design, Operation
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict all access to files within a particular directory. Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection. This may not be a feasible solution, and it only limits the impact to the oper…
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Phase: Implementation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
Phase: Implementation
Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59).
Code examples (2)
The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files (CWE-22).
    String rName = request.getParameter("reportName");
    File rFile = new File("/usr/local/apfr/reports/" + rName);
    ...
    rFile.delete();
Bad · Java
The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.
    fis = new FileInputStream(cfg.getProperty("sub") + ".txt");
    amt = fis.read(arr);
    out.println(arr);
Bad · Java
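The following is an added example, not code from the MITRE entry or from this page, showing how the report-deletion snippet above can be hardened with two of the listed mitigations at once: an indirect reference map (a numeric ID chosen from a fixed set, never a file name, reaches the server) and path canonicalization with a containment check as defense in depth. The class name SafeReportStore, the method names, and the temporary directory used by main are assumptions for illustration; the ID-to-name pairs are the ones the mitigation text itself uses. Requires Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Optional;

// Added example (hypothetical class, not part of the MITRE entry): a hardened
// replacement for the report-deletion snippet. Two independent defenses:
// 1. an indirect reference map (fixed ID -> fixed file name), and
// 2. canonicalization plus a containment check on whatever reaches the filesystem.
public final class SafeReportStore {

    // Fixed IDs -> fixed file names, in the spirit of ESAPI AccessReferenceMap.
    // Any ID not in this map is rejected before a path is ever built.
    private static final Map<String, String> REPORT_IDS = Map.of(
            "1", "inbox.txt",
            "2", "profile.txt");

    private final Path base; // canonical reports directory

    public SafeReportStore(Path reportsDir) throws IOException {
        // toRealPath() resolves symlinks so that later containment checks compare real paths.
        this.base = reportsDir.toRealPath();
    }

    // Preferred entry point: the request carries only an ID, never a file name.
    public Optional<Path> resolveById(String reportId) {
        String name = REPORT_IDS.get(reportId);
        return name == null ? Optional.empty() : resolveName(name);
    }

    // Defense in depth for any name that reaches the filesystem layer:
    // reject separators, normalize, and require the canonical result to stay under base.
    public Optional<Path> resolveName(String name) {
        if (name == null || name.isEmpty() || name.contains("/") || name.contains("\\")) {
            return Optional.empty();
        }
        Path candidate = base.resolve(name).normalize();
        // Path.startsWith compares whole path components, so a sibling directory
        // whose name merely begins with the base name does not pass.
        if (!candidate.startsWith(base)) {
            return Optional.empty();
        }
        try {
            Path real = candidate.toRealPath(); // follows symlinks; throws if the file is missing
            if (!real.startsWith(base)) {
                return Optional.empty(); // a symlink inside the directory pointed outside it
            }
            return Optional.of(real);
        } catch (IOException e) {
            return Optional.empty(); // missing or unreadable: treat as not found
        }
    }

    // Deletion only ever happens on a path that passed both checks.
    public boolean deleteById(String reportId) throws IOException {
        Optional<Path> target = resolveById(reportId);
        return target.isPresent() && Files.deleteIfExists(target.get());
    }

    // Stand-alone demo on a constructed temporary directory (sample data, not real reports).
    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("reports");
        Files.writeString(dir.resolve("inbox.txt"), "constructed sample report");
        SafeReportStore store = new SafeReportStore(dir);

        System.out.println("id 1            -> " + store.resolveById("1"));
        System.out.println("id 9            -> " + store.resolveById("9"));   // not in the map
        System.out.println("name traversal  -> "
                + store.resolveName("../../tomcat/conf/server.xml"));          // rejected before any filesystem call
        System.out.println("deleted id 1    -> " + store.deleteById("1"));
        System.out.println("deleted again   -> " + store.deleteById("1"));    // file no longer resolves
    }
}
```

The containment check uses Path.startsWith rather than String.startsWith on purpose: a string-prefix test would accept a neighbouring directory whose name shares the base's prefix, while the component-wise test does not. The second toRealPath() comparison is what catches the symlink case the last mitigation refers to (CWE-59), which normalize() alone cannot see.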
CVE ID | Title | Affected product | CVSS | Risk level | Published
CVE-2026-10559 | SourceCodester Pizzafy Ecommerce System file inclusion vulnerability | Pizzafy Ecommerce System | 6.3 | Medium | 2026-06-02
CVE-2026-10558 | SourceCodester Pizzafy system index.php file inclusion vulnerability | Pizzafy Ecommerce System | 6.3 | Medium | 2026-06-02
CVE-2026-45088 | dalfox security vulnerability | dalfox | 7.5 | High | 2026-05-27
CVE-2026-45089 | dalfox code issue vulnerability | dalfox | 8.2 | High | 2026-05-27
CVE-2025-0898 | WordPress plugin Xpro Elementor Addons - Pro security vulnerability | Xpro Elementor Addons - Pro | 6.5 | Medium | 2026-05-27
CVE-2026-45008 | phpMyFAQ security vulnerability | phpmyfaq | 6.5 | Medium | 2026-05-15
CVE-2026-42597 | Gotenberg security vulnerability | gotenberg | 5.9 | Medium | 2026-05-14
CVE-2026-40893 | Gotenberg security vulnerability | gotenberg | 8.2 | High | 2026-05-14
CVE-2026-3892 | WordPress plugin Motors security vulnerability | Motors – Car Dealership & Classified Listings Plugin | 8.1 | High | 2026-05-14
CVE-2026-0259 | Palo Alto Networks WildFire security vulnerability | WildFire WF-500 and WF-500-B | - | - | 2026-05-13
CVE-2026-30905 | Zoom Workplace VDI Plugin Windows Universal Installer security vulnerability | Zoom Workplace VDI Plugin | 7.8 | High | 2026-05-13
CVE-2026-40370 | Microsoft SQL Server security vulnerability | Microsoft SQL Server 2016 Service Pack 3 (GDR) | 8.8 | High | 2026-05-12
CVE-2026-41107 | Microsoft Edge security vulnerability | Microsoft Edge (Chromium-based) | 7.4 | High | 2026-05-12
CVE-2026-40421 | Microsoft Word security vulnerability | Microsoft 365 Apps for Enterprise | 4.3 | Medium | 2026-05-12
CVE-2026-41088 | Microsoft Windows Ancillary Function Driver for WinSock security vulnerability | Windows 10 Version 21H2 | 7.8 | High | 2026-05-12
CVE-2026-32204 | Microsoft Azure Monitor Agent security vulnerability | Azure Monitor | 7.8 | High | 2026-05-12
CVE-2026-43891 | changedetection.io security vulnerability | changedetection.io | 7.5 | High | 2026-05-12
CVE-2026-8043 | Ivanti Xtraction security vulnerability | Xtraction | 9.6 | Critical | 2026-05-12
CVE-2026-42845 | Grav CMS security vulnerability | grav-plugin-form | - | - | 2026-05-11
CVE-2026-41693 | i18next-fs-backend path traversal vulnerability | i18next-fs-backend | 8.2 | High | 2026-05-08
CVE-2026-44127 | SEPPmail Secure Email Gateway security vulnerability | Secure Email Gateway | 9.1 (AI) | Critical (AI) | 2026-05-08
CVE-2026-7633 | TOTOLINK N300RH security vulnerability | N300RH | 6.5 | Medium | 2026-05-02
CVE-2026-42424 | OpenClaw security vulnerability | OpenClaw | 5.7 | Medium | 2026-04-28
CVE-2026-41177 | Squidex security vulnerability | squidex | 5.5 | Medium | 2026-04-22
CVE-2026-4132 | WordPress plugin HTTP Headers security vulnerability | HTTP Headers | 7.2 | High | 2026-04-22
CVE-2026-41389 | OpenClaw security vulnerability | OpenClaw | 5.8 | Medium | 2026-04-20
CVE-2026-35465 | securedrop-client security vulnerability | securedrop-client | 7.5 | High | 2026-04-18
CVE-2026-39907 | Unisys WebPerfect Image Suite security vulnerability | WebPerfect Image Suite | 9.8 | - | 2026-04-14
CVE-2026-5809 | WordPress plugin wpForo Forum security vulnerability | wpForo Forum | 7.1 | High | 2026-04-11
CVE-2026-5054 | NoMachine security vulnerability | NoMachine | 7.8 (AI) | High (AI) | 2026-04-11
"(AI)" reproduces the page's AI badge on that value; "-" means the page lists no value.

CWE-73 (External Control of File Name or Path) is a common weakness class; this platform catalogs 334 CVE vulnerabilities associated with it.