Description
This script is vulnerable to arbitrary file creation.
An attacker can influence the arguments passed to functions that create files or directories, and so create arbitrary files. Because user input is not validated, the attacker can supply directory traversal sequences followed by an arbitrary file name to create specific files.
Remediation
Your script should filter metacharacters from user input.
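The pattern described above next to a hardened form, as an added example that is not code from the original page. The names naive_target, safe_create and UnsafePathError are hypothetical. It goes beyond filtering metacharacters by also checking that the resolved path stays inside the intended directory.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a user-supplied name would escape the base directory."""


def naive_target(base_dir, user_name):
    # Vulnerable pattern: the name is joined to the base directory unchecked,
    # so "../" sequences move the resulting path outside base_dir.
    return os.path.normpath(os.path.join(base_dir, user_name))


def safe_create(base_dir, user_name, data):
    # 1. Reject path metacharacters and reserved names outright.
    if not user_name or user_name in (".", "..") or "\x00" in user_name:
        raise UnsafePathError("empty or reserved name")
    if "/" in user_name or "\\" in user_name:
        raise UnsafePathError("path separators are not allowed")
    # 2. Defence in depth: resolve symlinks and confirm containment.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    if os.path.commonpath([base, target]) != base:
        raise UnsafePathError("resolved path escapes base directory")
    # 3. O_EXCL refuses to overwrite a file that already exists.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    # Constructed sample inputs, run inside a throwaway directory.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.mkdir(base)
        print("naive join resolves to:", naive_target(base, "../evil.txt"))
        for name in ("report.txt", "../evil.txt", "a/b.txt"):
            try:
                print("created", safe_create(base, name, b"data"))
            except UnsafePathError as exc:
                print("rejected", repr(name), "-", exc)
```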
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37149)
SharePoint Improper Input Validation Vulnerability (CVE-2013-0081)
WordPress Plugin Social Media Widget Serving Spam (4.0)
WordPress Plugin Category List Portfolio Page TimThumb Arbitrary File Upload (1.2.3)
Squid Improper Input Validation Vulnerability (CVE-2020-25097)