The software, when opening a file or directory, does not
sufficiently account for when the file is a symbolic link that resolves to a
target outside of the intended control sphere. This could allow an attacker to
cause the software to operate on unauthorized files.
The software receives input from an upstream component, but it
does not neutralize or incorrectly neutralizes special characters that could be
interpreted as web-scripting elements when they are sent to an error
This entry has been deprecated. It originally came from PLOVER,
which sometimes defined "other" and "miscellaneous" categories in order to
satisfy exhaustiveness requirements for taxonomies. Within the context of CWE,
the use of a more abstract entry is preferred in mapping situations. CWE-75 is a
more appropriate mapping.