
CWE-73 External Control of File Name or Path: vulnerability list (348)

Summary of the 348 CVE vulnerabilities mapped to the CWE-73 (External Control of File Name or Path) weakness class, with AI-generated analysis in Chinese.

CWE-73 belongs to the path traversal family: the application lets user input control the file name or path used in a filesystem operation. Attackers typically exploit the flaw by constructing malicious paths that reach or modify critical system files and sensitive data, compromising the application's integrity. Developers should never concatenate user input directly into a path; instead, validate the input against an allowlist, canonicalize the path, and strictly filter special characters, so that the final path is guaranteed to lie inside the intended directory and illegitimate access is blocked.

MITRE CWE official description
CWE-73 External Control of File Name or Path: The product allows user input to control or influence paths or file names that are used in filesystem operations. This could allow an attacker to access or modify system files or other files that are critical to the application. Path manipulation errors occur when the following two conditions are met: 1. An attacker can specify a path used in an operation on the filesystem. 2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker.
Common Consequences (3)

Scope: Integrity, Confidentiality
Technical Impact: Read Files or Directories; Modify Files or Directories
The application can operate on unexpected files. Confidentiality is violated when the targeted filename is not directly readable by the attacker.

Scope: Integrity, Confidentiality, Availability
Technical Impact: Modify Files or Directories; Execute Unauthorized Code or Commands
The application can operate on unexpected files. This may violate integrity if the filename is written to, or if the filename is for a program or other form of executable code.

Scope: Availability
Technical Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other)
The application can operate on unexpected files. Availability can be violated if the attacker specifies an unexpected file that the application modifies. Availability can also be affected if the attacker specifies a filename for a large file, or points to a special device or a file that does not hav…
Potential Mitigations (5)

Phase: Architecture and Design
When the set of filenames is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames, and reject all other inputs. For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.

Phase: Architecture and Design, Operation
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict all access to files within a particular directory. Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection. This may not be a feasible solution, and it only limits the impact to the oper…

Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Phase: Implementation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High

Phase: Implementation
Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59).
Code Examples (2)
The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files (CWE-22).
    String rName = request.getParameter("reportName");
    // User input is concatenated straight into the path; ".." is not removed
    File rFile = new File("/usr/local/apfr/reports/" + rName);
    ...
    // Deletes whatever file the supplied name resolves to
    rFile.delete();
Bad · Java
The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.
    // "sub" is read from a configuration file that malicious users can edit
    fis = new FileInputStream(cfg.getProperty("sub") + ".txt");
    amt = fis.read(arr);
    out.println(arr);
Bad · Java
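The mitigations listed above (a fixed ID-to-filename map, "accept known good" validation, and realpath()-style canonicalization) can be combined into one hardened replacement for both bad examples. The class below is an added example written for this page, not MITRE's code or code from any project the listed CVEs belong to. It keeps the page's sample names "inbox.txt" and "profile.txt"; the class name SafeReportAccess, the method names, and the regular expression are assumptions, and the demo in main() creates a temporary directory instead of the page's /usr/local/apfr/reports so that it runs anywhere.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.Map;
import java.util.regex.Pattern;

/** Resolves report files safely inside one base directory (added example, not from the page). */
public final class SafeReportAccess {

    // Mitigation 1: a fixed indirect-reference map. Callers pass a numeric ID; any ID not in
    // the map is rejected, so the client never names a file at all. (Constructed sample values.)
    private static final Map<Integer, String> REPORT_BY_ID = Map.of(
            1, "inbox.txt",
            2, "profile.txt");

    // Mitigation 4: "accept known good". Only a plain basename ending in .txt is allowed;
    // separators, "..", NUL bytes and absolute paths all fail this pattern.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.txt");

    private final Path base;

    /** @param reportsDir the directory reports live in (the page uses /usr/local/apfr/reports). */
    public SafeReportAccess(Path reportsDir) throws IOException {
        // Canonicalize the base once so the containment check below compares like with like.
        this.base = reportsDir.toRealPath();
    }

    /** ID-based lookup: the user-controlled value never becomes part of a filesystem path. */
    public Path reportForId(int id) {
        String name = REPORT_BY_ID.get(id);
        if (name == null) {
            throw new IllegalArgumentException("unknown report id: " + id);
        }
        return base.resolve(name);
    }

    /**
     * Name-based lookup for code that must accept a name (the page's "reportName" request
     * parameter or the "sub" property read from a config file). Mitigation 5: canonicalize with
     * toRealPath(), the Java counterpart of realpath(), which resolves ".." and symbolic links,
     * then require the result to still sit under the base directory.
     */
    public Path resolveWithinReports(String userName) throws IOException {
        if (userName == null || !SAFE_NAME.matcher(userName).matches()) {
            throw new IllegalArgumentException("report name does not match the allowed pattern");
        }
        Path candidate;
        try {
            candidate = base.resolve(userName).toRealPath();
        } catch (NoSuchFileException e) {
            throw new IllegalArgumentException("no such report: " + userName, e);
        }
        // Defence in depth: even if the pattern were loosened, a symlink inside the directory
        // that points outside it would be caught here, because toRealPath() followed it.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("resolved path escapes the reports directory");
        }
        return candidate;
    }

    /** Self-contained demo using a temporary directory so it runs without the page's paths. */
    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("reports");
        Files.writeString(tmp.resolve("inbox.txt"), "constructed sample report\n");
        SafeReportAccess access = new SafeReportAccess(tmp);

        System.out.println("by id:   " + access.reportForId(1));
        System.out.println("by name: " + access.resolveWithinReports("inbox.txt"));

        // The page's traversal input and a well-formed but absent name are both refused.
        for (String name : new String[] {"../../tomcat/conf/server.xml", "missing.txt"}) {
            try {
                access.resolveWithinReports(name);
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println("rejected " + name + ": " + e.getMessage());
            }
        }
    }
}
```

Save it as SafeReportAccess.java and run it with `javac SafeReportAccess.java && java SafeReportAccess` (Java 11 or newer, for Files.writeString). Prefer reportForId() wherever the set of files is known in advance; resolveWithinReports() is the fallback for callers that genuinely must take a name, and its two layers are independent: the pattern rejects traversal syntax before any filesystem call, and the canonical containment check rejects anything that still resolves outside the base directory.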
CVE ID | Title | Affected product | CVSS | Severity | Published
CVE-2026-8118 | Royal Addons for Elementor 1.7.1058-1.7.1059 Authenticated Arbitrary File Read Vulnerability | Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.5 | Medium | 2026-06-19
CVE-2025-52465 | GeoServer Master Password Dump Page Arbitrary File Write Vulnerability | org.geoserver.web:gs-web-app | 7.2 | High | 2026-06-18
CVE-2026-2604 | Evolution Data Server Security Vulnerability | Evolution Data Server | 5.6 | Medium | 2026-06-16
CVE-2026-10303 | ServerCo getssl Input Validation Error Vulnerability | getssl | 7.4 | High | 2026-06-16
CVE-2026-34030 | Wertheim SafeController Software for VAULT ROOMS Input Validation Error Vulnerability | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | - | - | 2026-06-15
CVE-2026-47643 | Microsoft Azure Stack Edge Security Vulnerability | Azure Stack Edge | 9.8 | Critical | 2026-06-09
CVE-2025-12656 | WordPress plugin WPvivid Backup & Migration Security Vulnerability | WPvivid — Backup, Migration & Staging | 3.8 | Low | 2026-06-05
CVE-2026-20175 | Cisco Finesse Security Vulnerability | Cisco Finesse | 6.1 | Medium | 2026-06-03
CVE-2026-35080 | Multiple MBS products Security Vulnerability | Single-A | 8.1 | High | 2026-06-03
CVE-2026-35079 | Multiple MBS products Security Vulnerability | Single-A | 8.1 | High | 2026-06-03
CVE-2026-35078 | Multiple MBS products Security Vulnerability | Single-A | 8.1 | High | 2026-06-03
CVE-2026-35077 | Multiple MBS products Security Vulnerability | Single-A | 8.1 | High | 2026-06-03
CVE-2026-35076 | Multiple MBS products Security Vulnerability | Single-A | 8.1 | High | 2026-06-03
CVE-2026-10694 | SourceCodester Online Food Ordering System Security Vulnerability | Online Food Ordering System | 7.3 | High | 2026-06-03
CVE-2026-10559 | SourceCodester Pizzafy Ecommerce System Security Vulnerability | Pizzafy Ecommerce System | 6.3 | Medium | 2026-06-02
CVE-2026-10558 | SourceCodester Pizzafy Ecommerce System Security Vulnerability | Pizzafy Ecommerce System | 6.3 | Medium | 2026-06-02
CVE-2026-45088 | dalfox Security Vulnerability | dalfox | 7.5 | High | 2026-05-27
CVE-2026-45089 | dalfox Code Issue Vulnerability | dalfox | 8.2 | High | 2026-05-27
CVE-2025-0898 | WordPress plugin Xpro Elementor Addons - Pro Security Vulnerability | Xpro Elementor Addons - Pro | 6.5 | Medium | 2026-05-27
CVE-2026-45008 | phpMyFAQ Security Vulnerability | phpmyfaq | 6.5 | Medium | 2026-05-15
CVE-2026-42597 | Gotenberg Security Vulnerability | gotenberg | 5.9 | Medium | 2026-05-14
CVE-2026-40893 | Gotenberg Security Vulnerability | gotenberg | 8.2 | High | 2026-05-14
CVE-2026-3892 | WordPress plugin Motors Security Vulnerability | Motors – Car Dealership & Classified Listings Plugin | 8.1 | High | 2026-05-14
CVE-2026-0259 | Palo Alto Networks WildFire Security Vulnerability | WildFire WF-500 and WF-500-B | - | - | 2026-05-13
CVE-2026-30905 | Zoom Workplace VDI Plugin Windows Universal Installer Security Vulnerability | Zoom Workplace VDI Plugin | 7.8 | High | 2026-05-13
CVE-2026-40370 | Microsoft SQL Server Security Vulnerability | Microsoft SQL Server 2016 Service Pack 3 (GDR) | 8.8 | High | 2026-05-12
CVE-2026-41107 | Microsoft Edge Security Vulnerability | Microsoft Edge (Chromium-based) | 7.4 | High | 2026-05-12
CVE-2026-41088 | Microsoft Windows Ancillary Function Driver for WinSock Security Vulnerability | Windows 10 Version 21H2 | 7.8 | High | 2026-05-12
CVE-2026-40421 | Microsoft Word Security Vulnerability | Microsoft 365 Apps for Enterprise | 4.3 | Medium | 2026-05-12
CVE-2026-32204 | Microsoft Azure Monitor Agent Security Vulnerability | Azure Monitor | 7.8 | High | 2026-05-12

CWE-73 (External Control of File Name or Path) is a common weakness category; this platform has indexed 348 CVE vulnerabilities associated with it.