CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1992 vulnerabilities reference this CWE, most recent first.
GHSA-7J8W-V723-8CHG
Vulnerability from github – Published: 2023-04-01 00:30 – Updated: 2023-04-06 21:30There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
{
"affected": [],
"aliases": [
"CVE-2022-47188"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-31T22:15:00Z",
"severity": "HIGH"
},
"details": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.",
"id": "GHSA-7j8w-v723-8chg",
"modified": "2023-04-06T21:30:20Z",
"published": "2023-04-01T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47188"
},
{
"type": "WEB",
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
},
{
"type": "WEB",
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"type": "WEB",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7JCP-V9W4-WJMG
Vulnerability from github – Published: 2026-05-26 15:32 – Updated: 2026-06-30 18:04A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "kubevirt.io/kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "1.8.0-alpha.0"
},
{
"fixed": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "kubevirt.io/kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0-alpha.0"
},
{
"fixed": "1.7.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "kubevirt.io/kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-7374"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T18:04:03Z",
"nvd_published_at": "2026-05-26T14:16:40Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in KubeVirt\u0027s virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host\u0027s container runtime (CRI-O) socket, an attacker can hijack virt-handler\u0027s privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.",
"id": "GHSA-7jcp-v9w4-wjmg",
"modified": "2026-06-30T18:04:04Z",
"published": "2026-05-26T15:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7374"
},
{
"type": "WEB",
"url": "https://github.com/kubevirt/kubevirt/pull/17916"
},
{
"type": "WEB",
"url": "https://github.com/kubevirt/kubevirt/commit/011eef8129e2c21e0ea496f283ee1676009bc757"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7374.json"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubevirt/kubevirt"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463728"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-7374"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20975"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20890"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20886"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20866"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20825"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20782"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20763"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20736"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20720"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "KubeVirt has a Link Following vulnerability"
}
GHSA-7JV3-HCRW-WVCQ
Vulnerability from github – Published: 2022-05-17 01:47 – Updated: 2022-05-17 01:47src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
{
"affected": [],
"aliases": [
"CVE-2012-2093"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-05-18T22:55:00Z",
"severity": "LOW"
},
"details": "src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.",
"id": "GHSA-7jv3-hcrw-wvcq",
"modified": "2022-05-17T01:47:00Z",
"published": "2022-05-17T01:47:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2093"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869"
},
{
"type": "WEB",
"url": "https://trac.gajim.org/changeset/13759/src/common/latex.py"
},
{
"type": "WEB",
"url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48695"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48794"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/15"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/53017"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7M2V-R87H-VHC2
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Windows Authentication Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-21447"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:35Z",
"severity": "HIGH"
},
"details": "Windows Authentication Elevation of Privilege Vulnerability",
"id": "GHSA-7m2v-r87h-vhc2",
"modified": "2024-04-09T18:30:24Z",
"published": "2024-04-09T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21447"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7M75-X27W-R52R
Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-04 17:50qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "qdrant-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-3829"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-04T17:50:58Z",
"nvd_published_at": "2024-06-03T10:15:14Z",
"severity": "CRITICAL"
},
"details": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot\u0027s directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.",
"id": "GHSA-7m75-x27w-r52r",
"modified": "2024-06-04T17:50:58Z",
"published": "2024-06-03T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3829"
},
{
"type": "WEB",
"url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"
},
{
"type": "PACKAGE",
"url": "https://github.com/qdrant/qdrant-client"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "qdrant input validation failure "
}
GHSA-7MJV-X3JF-545X
Vulnerability from github – Published: 2023-03-21 22:32 – Updated: 2023-03-21 22:32Impact
A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory.
An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process.
Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised.
The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.
Patches
A new installer was released as part of version 2023.3.1, corresponding to pseudoversion 0.0.0-20230313153246-f686da832f85 on pkg.go.dev. Users are encouraged to remove old installers from their systems.
References
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/cloudflared"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20230313153246-f686da832f85"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1314"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-21T22:32:50Z",
"nvd_published_at": "2023-03-21T12:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA vulnerability has been discovered in cloudflared\u0027s installer (\u003c= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory.\n\nAn attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer\u0027s repair functionality to delete the target file during the repair process.\n\nExploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised.\n\n**The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.**\n\n### Patches\nA new installer was released as part of version 2023.3.1, corresponding to pseudoversion 0.0.0-20230313153246-f686da832f85 on pkg.go.dev. Users are encouraged to remove old installers from their systems.\n\n### References\n[Cloudflared Releases](https://github.com/cloudflare/cloudflared/releases)",
"id": "GHSA-7mjv-x3jf-545x",
"modified": "2023-03-21T22:32:50Z",
"published": "2023-03-21T22:32:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1314"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/cloudflared/commit/9c15f31d003bebfbe6467c2b42972df3e7c9b886"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/cloudflared"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/cloudflared/releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "cloudflared\u0027s Installer has Local Privilege Escalation Vulnerability"
}
GHSA-7P5C-G6M3-V67R
Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30Visual Studio Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-20656"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T18:15:48Z",
"severity": "HIGH"
},
"details": "Visual Studio Elevation of Privilege Vulnerability",
"id": "GHSA-7p5c-g6m3-v67r",
"modified": "2024-01-09T18:30:28Z",
"published": "2024-01-09T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20656"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7P6M-P6R7-2F8P
Vulnerability from github – Published: 2022-04-30 18:12 – Updated: 2022-04-30 18:12Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
{
"affected": [],
"aliases": [
"CVE-1999-1593"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-01-15T01:30:00Z",
"severity": "HIGH"
},
"details": "Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.",
"id": "GHSA-7p6m-p6r7-2f8p",
"modified": "2022-04-30T18:12:46Z",
"published": "2022-04-30T18:12:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1593"
},
{
"type": "WEB",
"url": "https://www2.sans.org/reading_room/whitepapers/win2k/185.php"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0264.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0269.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0271.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0274.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0276.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0289.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Jan/0298.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/2221"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7P6P-4577-FPHG
Vulnerability from github – Published: 2022-05-17 00:43 – Updated: 2022-05-17 00:43The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.
{
"affected": [],
"aliases": [
"CVE-2008-5706"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-12-22T15:30:00Z",
"severity": "MODERATE"
},
"details": "The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.",
"id": "GHSA-7p6p-4577-fphg",
"modified": "2022-05-17T00:43:23Z",
"published": "2022-05-17T00:43:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5706"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/7183"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/506530"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2008/12/17/16"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/4800"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32889"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7P8H-3XW2-W6JW
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2023-02-24 00:30IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
{
"affected": [],
"aliases": [
"CVE-2018-1632"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-20T19:15:00Z",
"severity": "HIGH"
},
"details": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.",
"id": "GHSA-7p8h-3xw2-w6jw",
"modified": "2023-02-24T00:30:16Z",
"published": "2022-05-24T16:54:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1632"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190903-0002"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.