Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,152 vulnerabilities with CWE-22

CVE-2024-41726 HIGH

SKYSEA Client View 3.013.00-19.210.04e - Authenticated Path Traversal and Arbitrary Code Execution

CVE-2024-5882 HIGH

Ultimate Classified Listings < 1.3 - Unauthenticated Path Traversal via ucl_page and layout Parameters

CVE-2024-41628 HIGH

Severalnines Cluster Control <2.1.0 - Path Traversal

CVE-2024-42007 MEDIUM

php-spx <= 0.4.15 - Path Traversal via SPX_UI_URI

CVE-2024-41373 MEDIUM

ICEcoder 8.1 - Path Traversal via backup-versions-preview-loader.php

CVE-2024-7080 MEDIUM

Insurance Management System 1.0 - Path Traversal in /E-Insurance/

CVE-2024-40422 CRITICAL

stitionai devika v1 - Path Traversal

CVE-2024-6885 HIGH

MaxiBlocks: 2200+ Patterns - Path Traversal

CVE-2024-6791 HIGH

NI VeriStand <2024 Q2 - Path Traversal

CVE-2024-40051 HIGH

IP Guard v4.81.0307.0 - Info Disclosure

CVE-2024-28698 CRITICAL

CSLA .NET < 5.5.4 - Remote Code Execution via MobileFormatter Path Traversal

CVE-2024-39688 MEDIUM

fish.audio bert-vits2 < 2.3 - Path Traversal and Arbitrary File Write via data_dir Variable

CVE-2024-41704 CRITICAL

LibreChat <= 0.7.4-rc1 - Path Traversal via Image Path Normalization

CVE-2024-6949 MEDIUM

Gargaj wuhu - Path Traversal via /pages.php?edit=News

CVE-2024-6281 HIGH

parisneo/lollms <9.5.1 - Path Traversal

CVE-2024-40348 HIGH

bazarr < 1.4.3 - Unauthenticated Path Traversal via /api/swaggerui/static

CVE-2024-3934 MEDIUM

Mercado Pago payments for WooCommerce <7.5.1 - Path Traversal

CVE-2024-40629 CRITICAL

JumpServer 3.0.0-3.10.12 - Remote Code Execution via Ansible Playbook File Write

CVE-2024-40628 CRITICAL

fit2cloud jumpserver 3.0.0-3.10.11 - Path Traversal and Sensitive Information Disclosure via Ansible Playbook

CVE-2024-6164 CRITICAL

Filter & Grids WordPress Plugin < 2.8.33 - Unauthenticated Local File Inclusion via post_layout Parameter

CVE-2024-28993 HIGH

SolarWinds Access Rights Manager < 2024.3 - Unauthenticated Path Traversal and Information Disclosure

CVE-2024-28992 HIGH

SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Path Traversal and Information Disclosure

CVE-2024-23475 CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Directory Traversal and Information Disclosure

CVE-2024-23474 HIGH

SolarWinds Access Rights Manager < 2023.2.4 - Arbitrary File Deletion and Information Disclosure

CVE-2024-23472 CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Authenticated Path Traversal and Arbitrary File Read/Delete

Previous Page 107 of 367 Next

Details

Vulnerabilities 9,152

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy