Improper Filesystem Permissions

Improper Filesystem Permissions are a threat to the confidentiality, integrity, and availability of an application. The problem arises when incorrect filesystem permissions – such as read, write, modify, or execute – are set on files, folders, and symbolic links. These improper permissions allow the attacker to access restricted files or directories and modify or delete their contents. 

As an example, if an anonymous user account has write permission to a file, then an attacker may be able to modify the contents of the file influencing the web application in undesirable ways. Attackers can also exploit improper symlinks to escalate their privileges and/or access unauthorized files; for example, a symlink that points to a directory outside of the web root.