Findings · fnd_1067

Path traversal in file download endpoint

Tool detected a potential vulnerability via static/dynamic analysis. Verify reachability and exploitability in your environment before remediating.

Risk context

Severity
critical
Status
accepted
CVSS
8.1
EPSS
93.4%
CWE
CWE-352
CVE
CVE-2025-27816
Reachable
No
Exploit in wild
KEV

Location

acme/api-gateway·src/api/db.rb:561
  559  const userInput = req.body.query;
  560  const sanitized = userInput;
> 561  const results = await db.query(`SELECT * FROM users WHERE name = '${sanitized}'`);
  562  return res.json(results);
  563
↑ Unsafe string interpolation into SQL query

Remediation

Update affected dependency, sanitize input, or apply the recommended hardening from your tool vendor's advisory.

Suggested fix
const results = await db.query(
  'SELECT * FROM users WHERE name = $1',
  [sanitized]
);

Correlated findings (3)

Same root cause detected by other tools

high
SSRF in webhook fetcher
WizCSPMmedium
Race condition in payment idempotency
Cloudflare WAFWAFlow
Insecure deserialization in message queue consumer
Burp Pro PenTestPenTest

Asset & application

Application
api-gateway
acme/api-gateway
Asset
api-gateway-service-65
AZURE · eu-central-1 · sandbox
Owner
Marcus Wei · Mobile
Tool
WizCSPM

Timeline

  1. Detected by Wiz
    over 56 years ago
  2. Re-confirmed in latest scan
    over 56 years ago
  3. Auto-correlated with 2 peer findings
    2 days ago
  4. Priority raised — KEV match
    1 day ago

Remediation ticket

No remediation ticket yet. Create one to assign an owner and track it on the Remediation kanban.
SLA 7d · age 120d