The application lets user-supplied input (for example a `file` or `path` request parameter) influence the file path it opens without sanitizing or canonicalizing it. Directory traversal sequences such as `../` (including URL-encoded or double-encoded forms), absolute paths, or symlinks inside the served directory let a request resolve to files outside the intended directory.
An attacker can read sensitive files such as configuration files (which often hold credentials and secrets), application source code, or system files, and if the same path handling is used for writes, overwrite them. Leaked credentials or code frequently lead to further compromise.
Prefer an allowlist of permitted files, or map opaque identifiers to file names server-side, so user input never reaches the file system as a path. Where a path must be accepted, canonicalize it after decoding (resolve `..` and symlinks, e.g. with `realpath`) and verify that the result is still inside the base directory; rejecting absolute paths and null bytes is part of this check. Do not rely on stripping `../` from the string, since `....//` and encoded variants survive naive filtering. Run the process in a chroot jail or container with a read-only, minimal file system as defense in depth. Avoid passing user input directly to file system functions.
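The following Python example, added here and not taken from the affected application, shows the vulnerable pattern next to a hardened version. It builds a throwaway directory tree with a constructed secret file and a symlink pointing outside the served directory, then demonstrates that `os.path.join` alone offers no protection while the canonicalize-and-contain check plus an allowlist rejects traversal, absolute paths, symlink escapes and null bytes. Function and parameter names are assumptions for illustration.

```python
import os
import tempfile


def vulnerable_read(base_dir: str, user_path: str) -> bytes:
    """Vulnerable: os.path.join drops base_dir for absolute user_path and
    keeps '..' segments, so '../secret.txt' and '/etc/passwd' both escape."""
    with open(os.path.join(base_dir, user_path), "rb") as f:
        return f.read()


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Return the canonical path of user_path under base_dir, or raise ValueError.

    realpath collapses '..' and follows symlinks, so a symlink inside base_dir
    pointing outside is also caught by the containment check below.
    """
    if "\x00" in user_path:
        raise ValueError("null byte in path")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath is used instead of startswith() so that '/srv/public2'
    # is not mistaken for a child of '/srv/public'.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return target


def safe_read(base_dir: str, user_path: str, allowed: set[str]) -> bytes:
    """Hardened: canonicalize, enforce containment, then enforce an allowlist
    of relative names so only known files are ever opened."""
    target = safe_resolve(base_dir, user_path)
    rel = os.path.relpath(target, os.path.realpath(base_dir))
    if rel not in allowed:
        raise ValueError(f"file not in allowlist: {rel!r}")
    with open(target, "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed tree: root/public (served) and root/secret.txt (not)."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.makedirs(public)
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("SECRET")
    with open(os.path.join(public, "index.html"), "w") as f:
        f.write("hello")
    # A symlink inside the served directory that points outside it.
    os.symlink(secret, os.path.join(public, "link.txt"))

    out = {}
    # The vulnerable reader happily returns the secret both ways.
    out["vuln_traversal"] = vulnerable_read(public, "../secret.txt")
    out["vuln_symlink"] = vulnerable_read(public, "link.txt")

    allowed = {"index.html", "link.txt"}
    out["safe_ok"] = safe_read(public, "index.html", allowed)
    attempts = {
        "traversal": "../secret.txt",
        "absolute": secret,
        "symlink": "link.txt",          # allowlisted name, but resolves outside
        "nul": "index.html\x00.png",
    }
    for name, path in attempts.items():
        try:
            safe_read(public, path, allowed)
            out["safe_" + name] = "allowed"
        except ValueError:
            out["safe_" + name] = "rejected"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Note that web frameworks usually URL-decode the parameter before the handler sees it; the check must run on the decoded value that is actually passed to `open()`, and a double-encoded `%252e%252e` that is decoded again later in the request path would still need a second look.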