Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1988 vulnerabilities reference this CWE, most recent first.

GHSA-CFCW-8FF3-9XW4

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-08T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka \"Windows Data Sharing Service Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.",
  "id": "GHSA-cfcw-8ff3-9xw4",
  "modified": "2022-05-13T01:21:18Z",
  "published": "2022-05-13T01:21:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0574"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0574"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46160"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106431"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CFGC-FGG8-P3QF

Vulnerability from github – Published: 2022-10-26 12:00 – Updated: 2022-10-28 19:00
VLAI
Details

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-26T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.",
  "id": "GHSA-cfgc-fgg8-p3qf",
  "modified": "2022-10-28T19:00:32Z",
  "published": "2022-10-26T12:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31256"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CFP6-PP5W-4V4G

Vulnerability from github – Published: 2025-07-08 09:31 – Updated: 2025-07-08 09:31
VLAI
Details

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T07:15:25Z",
    "severity": "HIGH"
  },
  "details": "A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.",
  "id": "GHSA-cfp6-pp5w-4v4g",
  "modified": "2025-07-08T09:31:29Z",
  "published": "2025-07-08T09:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41668"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/en/advisories/VDE-2025-054"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CFVJ-7RX7-FC7C

Vulnerability from github – Published: 2026-03-03 21:18 – Updated: 2026-03-19 21:22
VLAI
Summary
OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Details

Summary

stageSandboxMedia allowed destination symlink traversal during media staging, which could overwrite files outside the sandbox workspace root.

Impact

When sandbox media staging handled inbound files, destination writes under media/inbound were not destination-alias-safe. If a symlink existed in that destination path, the write could follow it and overwrite host files outside the intended sandbox workspace boundary.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published version checked: 2026.3.1
  • Affected: <= 2026.3.1
  • Patched versions: >= 2026.3.2 (released)

Root Cause

stageSandboxMedia validated source paths but wrote destination files with a direct copy path that did not enforce destination boundary/alias checks.

Remediation

The fix routes staging writes through root-scoped safe write primitives for both local and SCP-staged attachments, preventing destination symlink traversal escapes.

Fix Commit(s)

  • 17ede52a4be3034f6ec4b883ac6b81ad0101558a
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:18:28Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n`stageSandboxMedia` allowed destination symlink traversal during media staging, which could overwrite files outside the sandbox workspace root.\n\n### Impact\nWhen sandbox media staging handled inbound files, destination writes under `media/inbound` were not destination-alias-safe. If a symlink existed in that destination path, the write could follow it and overwrite host files outside the intended sandbox workspace boundary.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version checked: `2026.3.1`\n- Affected: `\u003c= 2026.3.1`\n- Patched versions: `\u003e= 2026.3.2` (released)\n\n### Root Cause\n`stageSandboxMedia` validated source paths but wrote destination files with a direct copy path that did not enforce destination boundary/alias checks.\n\n### Remediation\nThe fix routes staging writes through root-scoped safe write primitives for both local and SCP-staged attachments, preventing destination symlink traversal escapes.\n\n### Fix Commit(s)\n- `17ede52a4be3034f6ec4b883ac6b81ad0101558a`",
  "id": "GHSA-cfvj-7rx7-fc7c",
  "modified": "2026-03-19T21:22:14Z",
  "published": "2026-03-03T21:18:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31990"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad0101558a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-stagesandboxmedia-destination"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace"
}

GHSA-CGHW-HVR5-W2M2

Vulnerability from github – Published: 2023-01-12 15:30 – Updated: 2023-01-20 09:30
VLAI
Details

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-12T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make \u0027smbd\u0027 escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the \u0027smbd\u0027 configured share path and gain access to another restricted server\u0027s filesystem.",
  "id": "GHSA-cghw-hvr5-w2m2",
  "modified": "2023-01-20T09:30:30Z",
  "published": "2023-01-12T15:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3592"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3592"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137776"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-06"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2022-3592.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHCH-V8XX-WCP7

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 02:00
VLAI
Details

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-25T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.",
  "id": "GHSA-chch-v8xx-wcp7",
  "modified": "2024-04-04T02:00:07Z",
  "published": "2022-05-24T16:56:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12672"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-codeexec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJC3-7R36-PP49

Vulnerability from github – Published: 2024-09-19 09:36 – Updated: 2024-11-12 18:30
VLAI
Details

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-19T09:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.",
  "id": "GHSA-cjc3-7r36-pp49",
  "modified": "2024-11-12T18:30:51Z",
  "published": "2024-09-19T09:36:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45770"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6837"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6840"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6842"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6843"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6844"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6846"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6847"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6848"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9452"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45770"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310451"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJP2-4RWW-387P

Vulnerability from github – Published: 2022-05-14 02:56 – Updated: 2022-05-14 02:56
VLAI
Details

crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-03-04T23:00:00Z",
    "severity": "LOW"
  },
  "details": "crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.",
  "id": "GHSA-cjp2-4rww-387p",
  "modified": "2022-05-14T02:56:13Z",
  "published": "2022-05-14T02:56:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1073"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65899"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/02/28/14"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/02/28/6"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8117"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CM4X-R333-VVV9

Vulnerability from github – Published: 2023-01-10 21:30 – Updated: 2025-05-30 18:30
VLAI
Details

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-10T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.",
  "id": "GHSA-cm4x-r333-vvv9",
  "modified": "2025-05-30T18:30:45Z",
  "published": "2023-01-10T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38482"
    },
    {
      "type": "WEB",
      "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-38482"
    },
    {
      "type": "WEB",
      "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2022-38482"
    },
    {
      "type": "WEB",
      "url": "https://www.mega.com/en/hopex-platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CMGP-37PH-2PH7

Vulnerability from github – Published: 2022-05-01 18:44 – Updated: 2022-05-01 18:44
VLAI
Details

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-6595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-31T19:46:00Z",
    "severity": "LOW"
  },
  "details": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.",
  "id": "GHSA-cmgp-37ph-2ph7",
  "modified": "2022-05-01T18:44:33Z",
  "published": "2022-05-01T18:44:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6595"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
    },
    {
      "type": "WEB",
      "url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28949"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29891"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31437"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3501"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019148"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1497"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27064"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0606"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.