CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,152 vulnerabilities with CWE-22
CVE-2024-7777 CRITICAL
Contact Form by Bit Form 2.0-2.13.9 - Authenticated Arbitrary File Read and Deletion via Insufficient Path Validation
CVSS 9.0
CVE-2024-7928 MEDIUM
fastadmin < 1.3.4.20220530 - Path Traversal via /index/ajax/lang lang Parameter
CVSS 4.3
CVE-2024-7927 HIGH
ZZCMS 2023 - Path Traversal via skin[] Parameter in /admin/class.php
CVSS 7.3
CVE-2024-7926 HIGH
ZZCMS 2023 - Path Traversal via skin Parameter in about_edit.php
CVSS 7.3
CVE-2024-43345 HIGH
PluginOps Landing Page Builder <1.5.2.0 - Path Traversal
CVSS 7.5
CVE-2024-43328 HIGH
WPDeveloper EmbedPress <4.0.9 - Path Traversal
CVSS 8.3
CVE-2024-7924 MEDIUM
ZZCMS 2023 - Path Traversal via /I/list.php Skin Parameter
CVSS 5.3
CVE-2024-43281 MEDIUM
VOID CODERS Void Elementor Post Grid Addon - Path Traversal
CVSS 5.3
CVE-2024-43271 HIGH
Themelocation Woo Products Widgets For Elementor <2.0.0 - Path Trav...
CVSS 8.5
CVE-2024-43248 HIGH
Bit Apps Bit Form Pro <2.6.4 - Path Traversal
CVSS 8.6
CVE-2024-43232 HIGH
WP OnlineSupport <2.3 - Path Traversal
CVSS 8.5
CVE-2024-43221 HIGH
Crocoblock JetGridBuilder <1.1.2 - Path Traversal
CVSS 8.5
CVE-2024-43399 HIGH
Mobile Security Framework < 4.0.7 - Path Traversal via Static Libraries Extraction
CVSS 8.0
CVE-2024-43395 HIGH
craftos2 < 2.8.3 - Path Traversal via Obfuscated Parent Directory Sequences
CVSS 8.2
CVE-2024-43011 MEDIUM
zzcms < 2023 - Arbitrary File Deletion via admin/del.php Path Traversal
CVSS 4.9
CVE-2024-7145 HIGH
JetElements < 2.6.20 - Authenticated Local File Inclusion via Progress Type Parameter
CVSS 8.8
CVE-2024-7146 HIGH
JetTabs for Elementor <2.2.3 - Code Injection
CVSS 8.8
CVE-2024-7263 HIGH
Kingsoft WPS Office 12.2.0.13110-12.2.0.17115 - Arbitrary Library Load via promecefpluginhost.exe Path Validation Bypass
CVSS 7.8
CVE-2024-7262 HIGH KEV
Kingsoft WPS Office 12.2.0.13110-12.2.0.16412 - Arbitrary Library Loading via Path Traversal in promecefpluginhost.exe
CVSS 7.8
CVE-2024-43373 HIGH
webcrack < 2.14.1 - Arbitrary File Write via Unpack Bundles Feature
CVSS 7.7
CVE-2024-42680 MEDIUM
Super easy enterprise management system <1.0.0 - Info Disclosure
CVSS 5.5
CVE-2024-27120 HIGH
ComfortKey <24.1.2 - Info Disclosure
CVSS 7.5
CVE-2024-39406 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Authenticated Path Traversal and Arbitrary File Read
CVSS 6.8
CVE-2024-39399 HIGH
Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Path Traversal and Arbitrary File Read
CVSS 7.7
CVE-2024-38652 CRITICAL
Ivanti Avalanche 6.3.1 - Path Traversal
CVSS 9.1
Details
Vulnerabilities 9,152
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits