VULHUB ™

CwpAPI is a collection of PHP libraries designed to allow the easy creation of secure web programs. The function GetRelativePath is designed to ensure the return value is within the web root directory, but does not properly check all paths. If a program was constructed to rely on this security feature, it is possible it would be vulnerable to an attack. For example, it might be possible to read or write to files outside of the web root, if no additional permission checks or validation are performed.

CwpAPI is a collection of PHP libraries designed to allow the easy creation of secure web programs. The function GetRelativePath is designed to ensure the return value is within the web root directory, but does not properly check all paths. If a program was constructed to rely on this security feature, it is possible it would be vulnerable to an attack. For example, it might be possible to read or write to files outside of the web root, if no additional permission checks or validation are performed.