The following code is vulnerable to path injection as it creates a path using
untrusted data without validation.

An attacker can exploit the vulnerability in this code to {code_impact}
arbitrary files.