VYPR

CWE-38

Path Traversal: '\absolute\pathname\here'

VariantDraft

Description

The product accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2026-9507MedJun 16, 2026
    risk 0.33cvss epss 0.00

    A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier (OSTSESSID) active after a successful login. The issue lies in the fact that the…