CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
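The definition above names the defect but not the check that prevents it. What follows is an added example written for this page; it is not text from CWE-22 and not code from any product in the listing below. It puts the vulnerable join pattern beside a containment check that decodes a URL component exactly once, rejects NUL, resolves '..' and symlinks with realpath(), and then proves the result still lies under the restricted directory. The same check is reused on ZIP member names, the archive-extraction variant that one of the entries below (Ollama) describes. Every path, file name and archive member here is constructed for the demonstration; the function names are the example's own.

```python
"""Added example for CWE-22: an unsafe join beside a containment check.
Not code from MITRE or from any product in the listing; every path, file
and archive below is constructed for the demonstration."""
import io
import os
import shutil
import tempfile
import urllib.parse
import zipfile


def naive_join(base_dir, untrusted):
    """The vulnerable pattern. os.path.join trusts its second argument:
    '..' segments survive normalisation, and an absolute `untrusted`
    value discards base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, untrusted))


def resolve_under(base_dir, untrusted, percent_decode=False):
    """Return the real path of base_dir/untrusted, or None if it escapes.

    percent_decode=True is for raw URL path components: decode exactly
    once, then check, so '%2e%2e/' cannot slip past as literal text.
    realpath() resolves '..' and symlinks; commonpath() then proves the
    result is base_dir itself or a descendant of it.
    """
    if percent_decode:
        untrusted = urllib.parse.unquote(untrusted)
    if "\x00" in untrusted:          # NUL truncates paths in C-backed APIs
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:               # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


def safe_member_targets(dest_dir, archive_bytes):
    """Zip Slip variant: map each archive member name to its resolved
    destination under dest_dir, or None when the name would escape.
    Extract members one at a time and re-check each, since a member
    written earlier (e.g. a symlink) changes what later names resolve to."""
    targets = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            targets[name] = resolve_under(dest_dir, name)
    return targets


def build_constructed_zip():
    """A constructed archive with one benign and one traversing member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/weights.bin", b"\x00" * 16)
        zf.writestr("../../.bashrc", b"echo pwned\n")
    return buf.getvalue()


def demo_web_root():
    """Build a throwaway document root holding a real file and a symlink
    that points outside it, then feed constructed attack strings to both
    functions. Returns {input: (naive_result, checked_result)}."""
    root = tempfile.mkdtemp()
    docroot = os.path.join(root, "public")
    os.makedirs(os.path.join(docroot, "css"))
    with open(os.path.join(docroot, "css", "app.css"), "w") as f:
        f.write("body{}\n")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("api-token\n")
    os.symlink(secret, os.path.join(docroot, "link"))   # escapes via symlink

    probes = [
        "css/app.css",            # legitimate
        "css/../css/app.css",     # '..' that stays inside: allowed
        "../secret.txt",          # classic traversal
        "%2e%2e/secret.txt",      # percent-encoded traversal
        "/etc/passwd",            # absolute path replaces the base
        "link",                   # symlink whose target is outside
        "css/app.css\x00.png",    # NUL truncation trick
    ]
    # Both sides see the same once-decoded value, as a web framework would hand it over.
    results = {p: (naive_join(docroot, urllib.parse.unquote(p)),
                   resolve_under(docroot, p, percent_decode=True))
               for p in probes}
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for probe, (unsafe, checked) in demo_web_root().items():
        print(f"{probe!r:26} naive={unsafe}  checked={checked}")
    for name, target in safe_member_targets("/opt/app/blobs", build_constructed_zip()).items():
        print(f"{name!r:26} -> {target}")
```

The containment test is commonpath() against the realpath() of both sides; a plain startswith() check would accept "/srv/www-private" as inside "/srv/www". Run the check at the moment of use and, for archives, after each earlier member is on disk, otherwise a symlink planted by a previous member defeats it.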

9,152 vulnerabilities with CWE-22
CVE-2024-42471 HIGH
actions/artifact <2.1.2 - Path Traversal
CVSS 7.3
CVE-2024-43957 MEDIUM
Animated Number Counters < 1.9 - PHP Local File Inclusion via Path Traversal
CVSS 6.5
CVE-2024-43955 CRITICAL
Themeum Droip <= 1.1.1 - Unauthenticated Path Traversal and Arbitrary File Download/Deletion
CVSS 10.0
CVE-2024-8304 MEDIUM
jpress < 5.1.1 - Path Traversal via Template Module Handler
CVSS 4.7
CVE-2024-45436 HIGH
Ollama < 0.1.47 - Path Traversal via ZIP Archive Extraction
CVSS 7.5
CVE-2024-44761 CRITICAL
EQ Enterprise Management System <2.0.0 - Path Traversal
CVSS 9.8
CVE-2024-7744 MEDIUM
WS_FTP Server < 8.8.8 - Authenticated Path Traversal via Web Transfer Module
CVSS 6.5
CVE-2024-6312 MEDIUM
Funnelforms Free <3.7.3.2 - Path Traversal
CVSS 6.5
CVE-2024-4556 MEDIUM
OpenText NetIQ Access Manager < 5.0.4 and < 5.1 - Path Traversal
CVSS 5.7
CVE-2024-3980 CRITICAL
MicroSCADA Pro/X SYS600 - Path Traversal
CVSS 9.9
CVE-2024-6789 MEDIUM
M-Files Server < 24.2.13421.15, < 24.8.13981.0, < 23.8.12892.0 SR6 - Authenticated Path Traversal via API Endpoint
CVSS 6.5
CVE-2024-8165 MEDIUM
Chengdu Everbrite Network Technology BeikeShop <1.5.5 - Path Traversal
CVSS 4.3
CVE-2024-8163 MEDIUM
Chengdu Everbrite Network Technology BeikeShop <1.5.5 - Path Traversal
CVSS 5.4
CVE-2024-45256 CRITICAL
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
CVSS 9.8
CVE-2024-45241 HIGH
CentralSquare CryWolf - Path Traversal
CVSS 7.5
CVE-2024-45189 MEDIUM
Mage AI - Path Traversal and Arbitrary File Read via Git Content Request
CVSS 6.5
CVE-2024-45188 MEDIUM
Mage AI - Path Traversal in File Content Request
CVSS 6.5
CVE-2024-7634 MEDIUM
F5 NGINX Agent 2.17.0-2.36.9 and NGINX Instance Manager 2.3.1-2.17.1 - Path Traversal via Config Dirs Restriction Bypass
CVSS 4.9
CVE-2024-6141 HIGH
Windscribe - Local Privilege Escalation via Path Traversal
CVSS 7.8
CVE-2024-43022 HIGH
TOSEI online store mgmt <4.04 - Path Traversal
CVSS 7.5
CVE-2024-7603 HIGH
Logsign Unified SecOps Platform - Authenticated Directory Traversal and Arbitrary Directory Deletion via HTTP API
CVSS 8.1
CVE-2024-7602 MEDIUM
Logsign Unified SecOps Platform - Authenticated Path Traversal and Information Disclosure via HTTP API
CVSS 6.5
CVE-2024-7601 HIGH
Logsign Unified SecOps Platform - Authenticated Arbitrary File Deletion via data_export_delete_all Path Traversal
CVSS 8.1
CVE-2024-7600 HIGH
Logsign Unified SecOps Platform - Authenticated Path Traversal and Arbitrary File Deletion via HTTP API
CVSS 8.1
CVE-2024-7782 HIGH
Contact Form by Bit Form 2.0.0-2.13.4 - Authenticated Arbitrary File Deletion via iconRemove Function
CVSS 8.7